top cx logo
cx logo
Explorearrow down
search icon
Explore
arrow down

700,000 French pharmacy Covid test results left publicly available

Personal information including contact details and social security numbers could be accessed by all via an online platform used to transfer data from antigen tests 

A data leak involving an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made 700,000 covid test results public, along with personal information.

The platform known as Francetest was alerted to the bug in its system by the online investigative journal Mediapart and it was fixed overnight on August 27.

In the meantime, patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results were "accessible to all in a few clicks”, Mediapart said.

A chance discovery

The issue with the website was discovered when a patient with knowledge of IT tried to retrieve their test results using the link provided by their pharmacist.

Looking at the URL, she was surprised to find the open source content management system WordPress being used to manage sensitive data.

She then realised she could access files containing patient information via the URL tree and even create an account without being a pharmacist.

External controls required

On Sunday, the General Directorate of Health (DGS) sent an email reminder to pharmacists about the approved software compatible with SI-DEP, which does not include Francetest.

Cyber security expert Gérôme Billois believes external, independent control is needed to ensure certain levels of security can be maintained on these sites.

“When you go to a website, it is extremely difficult to know whether it is reliable or not. You always see the words 100% secure. The general public cannot verify that”, he told franceinfo.

“This is why there are several regulatory proposals seeking to impose a minimum level of safety and a label, like the CE label. 

“We need to achieve more and more external recognition, independent of those who created these websites”, he added.

Related articles

Medical data of 500,000 put online in France cyber attack

Resident or second-home owner in France?
Benefit from our daily digest of headlines and how-to's to help you make the most of life in France
By joining the newsletter, you agree to our Terms & Conditions and Privacy Policy
See more popular articles
The Connexion Help Guides
featured helpguide
Healthcare in France*
Featured Help Guide
- Understand the French healthcare system, how you access it and how you are reimbursed - Useful if you are new to the French healthcare system or want a more in-depth understanding - Reader question and answer section Aimed at non-French nationals living here, the guide gives an overview of what you are (and are not) covered for. There is also information for second-home owners and regular visitors.
Get news, views and information from France
You have 2 free subscriber articles left
Subscribe now to read unlimited articles and exclusive content
Already a subscriber? Log in now