The leak of French medical data takes a judicial turn.
The cybercrime section of the Paris prosecutor's office on Wednesday opened an investigation after the leak on the Internet of sensitive medical information from nearly 500,000 people in France.
The investigation, entrusted to the Central Office for the Fight against Crime Related to Information and Communication Technologies (OCLCTIC), was opened on the head of "fraudulent access and maintenance in an automated data processing system "And" extraction, possession and fraudulent transmission "of these data, said the prosecution.
AFP observed that a file comprising 491,840 names, associated with contact details (postal address, telephone, email) and a social security registration number, circulated freely on at least one forum referenced by search engines. research.
These names are sometimes accompanied by indications on the blood group, the attending physician or the mutual, or comments on the state of health (including a possible pregnancy), drug treatments or pathologies (in particular HIV).
An argument between hackers
According to the Checknews section of the daily Liberation, which investigated the subject, the data came from around thirty medical biology laboratories.
They are mainly located in the north-western quarter of France.
The samples taken by these laboratories took place between 2015 and October 2020.
The Directorate General of Health said Wednesday that this leak is also the subject of investigations by "the National Agency for the Security of Information Systems (Anssi), the Ministry of Solidarity and Health, in connection with the CNIL and the software publisher, in which it is suspected that old installations of its laboratory management solution are involved ”.
The Anssi had previously stated that it had identified the "origin" of the health data leak and reported it to the Ministry of Solidarity and Health in November 2020.
According to Damien Bancal, a specialist journalist who first made the leak public on February 14 on his Zataz blog, this file was the subject of a commercial negotiation between several hackers on a Telegram messaging group specializing in the exchange of databases. of stolen data.
One of them posted it on the web after an argument.
This massive medical data leak occurs against a backdrop of cyber attacks increasingly targeting healthcare establishments.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
These hospitals, laboratories or platforms, which manage sensitive data, have become prime targets since the health crisis.
The President of the Republic, Emmanuel Macron, presented on February 18 a plan of one billion euros intended to strengthen their cybersecurity.