The confidential medico-administrative data of almost half a million French people were stolen from the files of medical biology laboratories before being made accessible online.
Spotted on February 14 by Zataz – a site devoted to online crime – a massive leak exposed the critical medico-administrative data of nearly half a million French patients. “This leak displays the identity, telephone, postal address, social security number, the patient’s doctor (s), date of birth, date of hospitalization, CPAM, insurance / mutual of the patient , CMU, email address, ”says the online media.
As reported on February 23 by the newspaper Release, the people appearing on the computer file in question are “prime targets for personalized phishing, risks of identity theft, false prescriptions, fake distress messages covering the health problems mentioned, etc.”
“There are many usernames and passwords, probably making it possible to connect to“ patient areas ”in laboratories, and therefore to access these results. [Ces] passwords seem chosen by users [et] can therefore potentially be used to have access to other services, such as their mailbox, if they use the same ”, underlines the daily, according to which the database, now accessible on several forums and traditional social networks, reveals “Up to 60 different pieces of information on the same person”.
Of hackers Turks at the origin of the leak?
On an unprecedented scale, the leak is the result of a dispute between several hackers who have not found common ground for the commercial exploitation of their loot after having stolen the invaluable information in the files of some thirty medical biology laboratories which, according to Release, are “mainly located in the departments of Morbihan, Eure, Loiret, Côtes-d’Armor and to a lesser extent Loir-et-Cher”.
Quoted by the daily, journalist Damien Bancal explains that the data had initially been shared “in a discussion between hackers on a Turkish Telegram channel”: “One of them is a Turkish hacker well known for the sale of data, it has been a real business for quite some time, ”says the founder of the Zataz site.
Explaining having succeeded in having some of this data authenticated with doctors, Release highlights the fact that the leaked computer file could be just a fragment of a larger database. Among the French affected by the leak, the former Minister of Defense Hervé Morin was angry on a daily basis, and would consider a potential complaint.
In any case, Release points out that although it was aware of the existence of this database “since the end of last week at least”, the National Agency for the Security of Information Systems (Anssi) would not have for the hour not alerted most of the affected laboratories.