Millions at risk of fraud after massive health data hack in France

A company that manages the third-party payments for 84 top-up providers has had its data stolen

The hack is thought to concern the names and social security numbers of millions of people
Published Last updated

Millions of people are at risk of fraud after a data breach at a company that manages the third-party payments for 84 top-up insurance providers.

Viamedis, whose systems the third-party payments for over 20 million people, announced the data breach on February 2. Its clients include Carte Blanche Partenaires, Itelis, Kalixia and Santéclair among many others.

“To date, we do not know precisely how many people have been affected, the matter is still under investigation,” Viamedis CEO Christophe Candé told AFP.

What data has been hacked?

The leak contains sensitive information that scammers can use for phishing attempts, including individuals’:

  • Name
  • Civil status
  • Date of birth
  • Social security number
  • Name of insurance provider
  • Payment rights for ongoing treatment.

“No bank information, postal addresses, phone numbers or emails were concerned by this act of piracy,” said Viamedis in its statement.

Viamedis says that the hacked program has been disconnected, which might impact third-party payments with opticians and hearing aid specialists.

However, the company says that most people should be able to use their carte Vitale and third-party payment card as normal.

Viamedis has filed a police complaint over the matter and officially informed the French data protection watchdog Commission nationale de l’informatique et des libertés, as is required in such instances of data breaches.

Read more: Seven much-used scams to watch out for in France

What can I do to stay safe?

While the scammers did not glean any email addresses or telephone numbers from the Viamedis breach, they can easily cross reference the leaked data with information from other sources.

They will likely use this information to create a profile of individuals to mark-out for ‘targeted phishing’ attempts, whereby scammers pose as a bank or insurance company and try to convince people to pay for unexpected costs, premiums, fines, or forgotten debts.

The advice for people concerned about their data is to avoid responding to emails and phone calls, but rather to call organisations directly using the contact details available from official sources.

Read more

This online tool helps you guard against identity theft in France

Claiming free or cheaper top-up French health insurance to get easier