Security News Data breach at French healthcare services firm puts millions at risk

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,556
French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.

Though the company's website remains offline at the time of writing, an announcement was posted on LinkedIn warning of the data breach.

The data exposed in the attack includes a beneficiary's marital status, date of birth, social security number, name of health insurer, and guarantees open to third-party payment.

The company has clarified that the breached systems did not store people's banking information, postal details, telephone numbers, and email addresses.

For healthcare professionals, Viamedis says they will be sending different notifications about what data was exposed.

Viamedis has informed impacted health organizations, filed a complaint with the public prosecutor, and notified the authorities (CNIL, ANSSI) accordingly. Currently, the company continues to investigate the impact of the cyberattack.

Regarding the scale of the breach, Viamedis has not stated the number of exposed individuals, but it is known that it manages payments for 84 healthcare organizations covering 20 million insured individuals.

The firm's General Director, Christophe Cande, told Agence France-Presse (AFP) that an investigation is underway to determine the scope of the breach.

"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation." - Cande (GD Viamedis)

Cande has also clarified that the cyberattack wasn't ransomware. Instead, he said a successful phishing attack on an employee allowed the threat actor to breach its systems.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
The company said the exposure includes names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment.

No banking information, email addresses, postal details, or telephone numbers were exposed, as Viamedis said it does not store this type of data on the breached systems.

The company serves 20 million insured individuals through the 84 healthcare organizations that use its services, but it opted not to disclose how many of them were impacted by the incident, saying that this is under investigation.

The breach on Almerys was initially reported by local news outlets citing anonymous sources, and the firm is yet to release an official statement on the incident.

However, the data protection authority in France (CNIL) has now confirmed both data breaches and says that the attacks impacted 33 million people in the country.
 
  • +Reputation
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top