A flaw on a site transmitting the results of covid tests carried out in pharmacies to the government platform made the personal data and test results of thousands of people accessible, revealed this Tuesday Mediapart. The surnames, first names, dates of birth, addresses, telephone numbers, social security numbers and e-mail addresses, as well as the results of the tests of 700,000 people were available until Friday thanks to “a findable password, in plain language, in a file accessible to all ”on the Francetest site, writes the information site.
Francetest is a company founded last January which specializes in transferring data from covid tests carried out in pharmacies to the SI-DEP platform. The SI-DEP (screening information system) is a secure platform where the results of covid-19 tests are systematically recorded in order “to ensure that all positive cases are properly taken care of” and to identify cases. contacts, explains the Ministry of Health on its site.
The SI-DEP, a “not very ergonomic” platform
This platform, “manufactured by the AP-HP (Assistance publique-Hôpitaux de Paris) in an emergency in December (…) is not very ergonomic”, explains Philippe Besset, president of the Federation of Pharmaceutical Unions of France (FSPF) . Result: many pharmacists use intermediaries to enter the results of tests carried out in the SI-DEP. Francetest thus charges one euro per transmission, according to Mediapart.
On Sunday, the Directorate General of Health (DGS) sent an email to pharmacists to remind them of the software approved and compatible with the SI-DEP, of which Francetest is not part. “We have been alerting the authorities for weeks and weeks to these companies which present themselves as labeled and make it easier for pharmacists to go to the SI-DEP”, points out Philippe Besset.
“We absolutely need the authorities to provide us with a tool allowing us to transmit data to the SI-DEP with our business software, which is safe and approved,” he insisted, specifying that even software authorized by the DGS no were not sufficiently secure. Informed by an “anonymous report”, the Cnil, French gendarme of personal data, told AFP that it had launched investigations. The Francetest company, for its part, was not immediately reachable.