The CNIL expects cases of personal data breaches to double in 2021, it said the day after a new case of health data theft.
Since 2018, European legislation has required companies or institutions that process personal data to report to the CNIL or its counterparts any problem concerning this data: loss, theft, alteration... These reports increased by 24% in 2020 compared to 2019, and the CNIL "foresees an increase of 100% over the year 2021", a representative told AFP on Thursday.
The consequences of dematerialization
The acceleration of dematerialization and digitization with the pandemic has opened up many opportunities for malicious people, and it is essential to respect the recommendations of the CNIL and ANSSI (guardian of French IT security), he added. The healthcare sector is particularly affected by the theft of personal data. In 2020, data theft cases concerning it had already increased by 80%, according to the CNIL.
On Tuesday, the Hospitals of Paris (AP-HP) announced that the personal data of 1.4 million people had been stolen following a computer attack.
The data includes the identity, social security number and contact details of those tested, as well as the characteristics and result of the test carried out, according to the AP-HP.
Several other major health data leak cases came to light in 2021.
At the beginning of September, Mediapart revealed that the Covid test results of hundreds of thousands of people were accessible online on the site of Francetest, a company that transferred the results of tests carried out in pharmacies to the government platform SI-DEP. In February, the cybersecurity blog Zataz and Libération warned about the circulation on the internet of a file containing data on 500,000 people, including medical data such as test results or information on pathologies.
The information appeared to come from data leaks from at least 28 medical analysis laboratories that were clients of the software publisher Dedalus France. Hospitals have also suffered a wave of ransomware attacks, often accompanied by loss or theft of personal data. To prevent personal data theft, the CNIL recommends “having people trained in risks, using data encryption during transfers”, and “updating software components and monitoring vulnerabilities to avoid their exploitation”.