Thursday, October 28

The CNIL is investigating the dissemination of medical data from nearly 500,000 French people on the Web

Two weeks later the first observations of the Zataz site on the online distribution of medical data from nearly 500,000 French people, and the next day an investigation by Release on the origin of this leak, the gendarme of the protection of personal data launched, Wednesday, February 24, checks to determine possible breaches of French companies.

Tuesday, The World noted that a file presented as containing sometimes very sensitive medical information of several hundred thousand French people was posted on a discussion forum regularly used to sell and buy stolen data. The Internet user disseminating this file also assured that he had sold it to a buyer several months ago.

Read also Medical data of 500,000 French people disseminated on the Web

No notification to the CNIL

The National Commission for Informatics and Freedoms (CNIL), announced Wednesday to Agence France-Presse that it was investigating the conditions of this leak. According to Release, these data would come from the files of around thirty medical analysis laboratories, mainly located in Morbihan, Côtes-d’Armor, Eure, Loiret and Loir-et-Cher.

If the extent of the leak were verified, the case would present “A particular gravity” in view of the number of victims and the sensitivity of the medical information disseminated, estimated Louis Dutheillet de Lamothe, secretary general of the CNIL, to AFP.

On Wednesday, the CNIL said it had not been notified of such a data breach by the company (s) concerned, as required within 72 hours by the European data protection regulation (GDPR). A text that provides for financial penalties in the event of recognized breaches. “If there is a high risk to the rights and freedoms of natural persons, companies must also notify individually” the victims of the leak, added Mr. Dutheillet de Lamothe.

At the same time, the National Information Systems Security Agency (Anssi) told AFP that it had identified the“Origin” of the health data leak and having reported it to the Ministry of Solidarity and Health in November 2020. “The necessary recommendations were given by Anssi to deal with the incident”, she added without giving any further details.

The World with AFP

www.lemonde.fr

Leave a Reply

Your email address will not be published. Required fields are marked *