The medical data of 500,000 patients stolen and published on the internet


A file containing sensitive medical data from nearly 500,000 people in France is circulating on the internet, as franceinfo was able to see on Tuesday 23 February, following information from Release and the blog specialized in cybersecurity Zataz.

The file contains 491,840 names associated with contact details (postal address, telephone, e-mail) and a social security number. They are sometimes accompanied by indications on the blood group, the attending physician or the mutual, or comments on the state of health (including a possible pregnancy), drug treatments or pathologies (in particular HIV seropositivity).

According to the daily Checknews section Release, who investigated the subject, the data come from around thirty medical biology laboratories, located mainly in the north-western quarter of France and using the same software for entering medico-administrative information.

According to the newspaper, these data correspond to samples taken between 2015 and October 2020. “We can find this file in seven different places on the internet”, Cybersecurity journalist Damien Bancal, who first identified the leak, told AFP on February 14, on his blog Zataz.

According to him, this file was the subject of a commercial negotiation between several hackers on a Telegram group specializing in the exchange of stolen databases, and one of them released it for free after an argument. “Five hundred thousand data is already huge and there is nothing to prevent hackers from having a lot more”, according to Damien Bancal.

Asked Tuesday evening by AFP, the National Information Systems Agency (Anssi) did not respond. The CNIL, personal data policeman, and the Directorate General for Health were not able to comment on this information either.


Leave a Reply

Your email address will not be published. Required fields are marked *