The Paris prosecutor’s office has opened an investigation into the cyberattacks of two third-party payment operators, Viamedis and Almerys, which could constitute one of the most massive data leaks observed in France, he announced on Friday February 9.
The investigations follow complaints from the two service providers, said the prosecution, contacted by AFP. More than 33 million French people are affected by this attack, according to the National Commission for Information Technology and Liberties (CNIL).
“The data concerned are, for policyholders and their families, marital status, date of birth and Social Security number, the name of the health insurer as well as the guarantees of the contract subscribed”the policeman of digital privacy clarified in a press release on Wednesday, adding that banking and medical information relating to health reimbursements “would not be affected”.
Credential theft
Affected French people are advised to“be careful about the requests that[ils peuvent] receive, in particular if they concern reimbursements of health costs”but also “to periodically check the activities and movements on [leurs] different accounts ». It is in fact “possible that the data that was the subject of the breach is coupled with other information from previous data leaks”explained the CNIL.
The attack was carried out by the usurpation of health professionals’ identifiers and passwords. Almerys and Viamedis have not published any information to understand whether the attacks were simply intended to steal data, or whether they could have other goals such as planting ransomware.
The alert was given on 1is FEBRUARY. Viamedis, which filed a complaint with the public prosecutor, indicated that it had disconnected its management platform upon discovery of the intrusion, which did not prevent social security policy holders from benefiting from third-party payment. . Its general director, Christophe Candé, explained that it was not a ransomware attack but an intrusion into the platform. “A healthcare professional’s account was phished”he then revealed.
Almerys, for its part, declared on Wednesday that its central information system had not been affected by the cyberattack. Only sound “portal dedicated to healthcare professionals” was reached and closed, the company claimed.