French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.
Though the company's website remains offline at the time of writing, an announcement was
posted on LinkedIn warning of the data breach.
The data exposed in the attack includes a beneficiary's marital status, date of birth, social security number, name of health insurer, and guarantees open to third-party payment.
The company has clarified that the breached systems did not store people's banking information, postal details, telephone numbers, and email addresses.
For healthcare professionals, Viamedis says they will be sending different notifications about what data was exposed.
Viamedis has informed impacted health organizations, filed a complaint with the public prosecutor, and notified the authorities (CNIL, ANSSI) accordingly. Currently, the company continues to investigate the impact of the cyberattack.
Regarding the scale of the breach, Viamedis has not stated the number of exposed individuals, but it is known that it manages payments for 84 healthcare organizations covering 20 million insured individuals.
The firm's General Director, Christophe Cande,
told Agence France-Presse (AFP) that an investigation is underway to determine the scope of the breach.
"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation." - Cande (GD Viamedis)
Cande has also clarified that the cyberattack wasn't ransomware. Instead, he said a successful phishing attack on an employee allowed the threat actor to breach its systems.
