We know more about the scale of the gigantic piracy that resulted in the leak of half a million medical files in France.
The publisher of software for healthcare establishments Dedalus France said on Friday that it had identified 28 laboratories located in 6 departments in the Brittany, Center-Val-de-Loire and Normandy regions: Côtes-d'Armor (22), Eure (27) , Ille-et-Vilaine (35), Loire-et-Cher (41), Loiret (45), Morbihan (56).
"Dedalus France confirms that it is investigating a serious act of cybercrime that led to the data breach of some of its laboratory customers," the company said in its press release.
The company informed the laboratories and “is cooperating with the competent authorities to determine the sources of this cyberattack.
"
The blog specialized in cybersecurity Zataz spotted and revealed on February 14 the existence of a file containing the personal and private data of nearly 500,000 French patients on a Telegram group acting as a "black market" dedicated to the resale of stolen databases.
491,840 names and precise contact details
Tuesday evening, following an investigation by the daily Liberation, AFP was able to verify that such a file circulated freely on at least one forum referenced by search engines.
According to the author of the Zataz article, Damien Bancal, the file is now available in seven different locations on the Internet.
It was allegedly put online for free (and therefore deprived of its market value) by one of the hackers following an argument.
It contains precisely 491,840 names, associated with contact details (postal address, telephone, email) and a social security registration number.
In particular, these names are sometimes accompanied by indications on the blood group, the doctor or the mutual, or comments on the state of health (including a possible pregnancy or infertility), drug treatments, pathologies (in particular the HIV).
According to Liberation, they correspond to samples taken between 2015 and October 2020, a period which coincides for the laboratories questioned with the use of the same software for entering medico-administrative information, edited by the Dedalus group.
The National Information Systems Security Agency (Anssi) says it identified at the time the "origin" of the health data leak, and reported it to the Ministry of Solidarity and Health in November 2020. Wednesday, a judicial inquiry was opened.
It was entrusted to the Central Office for the Fight against Crime Related to Information and Communication Technologies (OCLCTIC).