Medical Data of 500K French People Leaked Online

France’s privacy regulator announced Thursday, February 25, 2021, that it is investigating a data leak affecting approximately half a million people after their medical data was found online.

According to France 24, the cybersecurity incident was initially discovered by a security researcher from Zataz, Damien Bancal. The researcher detailed the findings on his blog. The news site states Bancal found the document on Telegram, an encrypted messaging system.

Bancal said that the leaked files were found in a Telegram group made primarily to accommodate the sale of hacked and stolen databases. Later on, however, Bancal found that the database containing the private medical information had been posted on the web.


Senior analyst David Sygula from CybelAngel said the breaches occurred throughout the years, from 2015 until October of 2020.

In a statement to Bloomberg, Sygula remarked that “This is [a] most serious leak of personal, intimate health data we’ve seen on the dark web so far. The data was released in one file this month, we believe.”

The database reportedly contained around 491,840 patients' names. It also included the patients' addresses, telephone numbers, email addresses, dates of birth, and Social Security numbers, notes Infosecurity Magazine.

In addition, highly confidential information was found in the database, including the HIV, pregnancy, and/or fertility status of French residents. In some cases, an individual's blood type or blood group was also identified.

The patients' GPs, health insurance providers, and medical treatments have also been compromised.

Liberation reports that the massive data leak stemmed from 30 medical laboratories, most of which are located in the northwestern quarter of France.

Malicious hackers may have gained access to the various companies involved through software made by Dedalus France, notes Bloomberg. The news site states that the app created by Dedalus is primarily used for testing in medical laboratories.

In response to the allegations, Dedalus France said that it is looking into the data security incidents. It also said that its software is no longer in production. By extension, Bloomberg notes that maintenance and updates have also stopped.

Following the massive data leak and the launch of the probe, the French privacy watchdog said that the 30 companies involved in the incident are required to participate and provide more details about the breach; otherwise they would be required to pay heavy fines, states Bloomberg.
