The medical data of nearly 500,000 people in France have leaked onto the Internet,
revealed Liberation and the blog specializing in cybersecurity, Zataz, on Tuesday.
The file contains the data of 491,840 people (names, postal address, telephone, e-mail) and a Social Security number. They are sometimes accompanied by indications on the blood group, the attending physician or the mutual, or comments on the state of health (including a possible pregnancy), drug treatments, or pathologies (in particular HIV).
Data from medical biology laboratories
According to the daily Checknews section Release who investigated the subject, the data would come from about thirty medical biology laboratories, located mainly in the north-western quarter of France, using the same software for entering medico-administrative information.
According to the newspaper, they correspond to samples taken between 2015 and October 2020. “We can find this file in seven different places on the Internet,” said Damien Bancal, journalist specializing in cybersecurity, who first identified the leak on February 14 on his blog Zataz.
A negotiation between the pirates
According to him, this file was the subject of a commercial negotiation between several hackers on a Telegram group specializing in the exchange of stolen databases, and one of them distributed it for free following an argument. “500,000 pieces of data is already huge and there is nothing to prevent hackers from having a lot more,” he said.
Asked Tuesday evening, the National Information Systems Agency (Anssi) did not respond. The CNIL, personal data policeman, and the Directorate General for Health were not able to comment on this information either.