The data of more than 33 million people was compromised during the cyberattack targeting the operators Viamedis and Almerys, which manage third-party payments for complementary health insurance, the CNIL announced on Wednesday.
“The data concerned are, for policyholders and their families, marital status, date of birth and social security number, the name of the health insurer as well as the guarantees of the contract subscribed
,” said in a press release the digital privacy watchdog, adding that banking information, medical data or health reimbursements
“would not be affected”
.
Intrusion into the platform
The CNIL, which will
“conduct investigations very quickly”
to verify whether the security measures of these operators were in compliance with their obligations, also calls on each of the complementary parties using Viamedis and Almerys to inform
“individually and directly”
all of their policyholders affected by this data breach.
She warns that she will ensure this is done
“as quickly as possible”
.
At the beginning of February, Viamedis, which filed a complaint with the public prosecutor, indicated that it had disconnected its management platform upon discovery of the intrusion, which did not prevent social security policy holders from benefiting from third-party payment. Its director general, Christophe Candé, explained that it was not a ransomware attack but an intrusion into the platform.
“The account of a healthcare professional was phished
,” he then revealed.