December 4, 2024
750,000 Sufferers’ Medical Data Uncovered After Knowledge Breach at French

Once we take into consideration our knowledge being leaked onto the web, we regularly image it as our monetary data, our passwords, our names and addresses… what’s much less typically thought of is the publicity of our personal medical info.

A French hospital has discovered itself within the unenviable place of studying that hackers have gained entry to the medical data of over 750,000 sufferers following a cyber assault. 
A hacker calling themselves “nears” claims to have compromised the techniques of a number of healthcare services throughout the nation, claiming to have gained entry to the data of over 1.5 million folks.

In line with “nears”, the safety breach was made attainable after they gained unauthorised entry to Mediboard, an digital affected person file (EPR) system utilized by many hospitals throughout Europe.

Softway Medical Group, the builders of Mediboard, has confirmed {that a} malicious hacker did reach compromising a Mediboard account however declared that the safety breach was not the results of a misconfiguration or software program flaw however as a substitute by the theft of login credentials utilized by the unnamed hospital.

In a letter shared with French journalists, Softway Medical Group mentioned the assault was detected inside a healthcare facility utilizing Mediboard on November 19 2024, and emphasised that the stolen knowledge was not hosted by Softway.

As Bleeping Pc reports, the purported stolen data of 758,912 sufferers consists of: 

  • Full names
  • Dates of start
  • Gender
  • Residence addresses
  • Cellphone numbers
  • E-mail addresses
  • Doctor particulars
  • Prescription histories
  • Well being card utilization info

Posting on an underground web site, “nears” has supplied on the market entry to the Mediboard platform for different hospitals in France, claiming that purchasers would be capable to view delicate healthcare and billing info, schedule appointments, and modify affected person data.

On the time of writing, there isn’t a proof that anybody has bought the information, though the hacker claims to have shared data with three potential patrons.

There are clearly severe dangers from delicate info like this falling into the fingers of cybercriminals. The risk that the information may nonetheless be leaked on-line stays (no matter whether or not a purchaser is discovered or not), and sufferers may doubtlessly be uncovered to id theft, phishing, and social engineering assaults from fraudsters and scammers.

Make sure that to examine Tripwire’s recommendation and options for serving to healthcare establishments shield affected person knowledge and guarantee compliance with regulatory requirements.


Editor’s Notice: The opinions expressed on this visitor writer article are solely these of the contributor and don’t essentially mirror these of Tripwire.