The health data of more than half a million people in France have been stolen from insurance body l’Assurance maladie after the accounts of healthcare staff were hacked.
The 19 accounts, mainly belonging to pharmacists, were hacked after their email addresses were compromised.
Data stolen include the names, surnames, date of birth, social security numbers, GP details, and levels of reimbursement for at least 510,000 people.
However, no contact details (such as telephone numbers or addresses) were stolen, nor were any bank details, nor information on health conditions or medication, said la Caisse nationale d'assurance maladie (Cnam).
The attack was noticed at the “end of last week”, the Cnam said in a statement.
It said that “non-authorised persons” accessed “Amelipro [professional Assurance maladie] accounts after their email addresses were compromised”.
It added that the hackers had likely found the account passwords on the “dark web”, a section of the web that does not show up in normal browsers or search engines, and is often associated with criminal activity.
The Assurance maladie has now made a formal complaint, and all of those affected will be “informed individually” within the next few days, the agency said.
It comes soon after people in France were warned about a scam concerning carte Vitale healthcare cards. Some people reported receiving emails and texts that appeared to be genuine, asking them to renew their expiring card, and to enter their details into a form to do so.
L’Assurance Maladie has confirmed that “there is no campaign for people to get a new carte Vitale”. All messages alluding to this are, therefore, extremely likely to be scams.
If in doubt, do not click any links or fill in any forms, nor enter any bank details or data.
Public interest group l’Action contre la cybermalveillance (ACYMA) warned: “[The real Assurance maladie] will never ask you to confirm your identity or your bank details to send you a carte Vitale.”