About 500,000 confidential medical records for sale on dark web

About 500,000 confidential medical records of French citizens were exposed due to the hacking of at least 30 clinical laboratories. Committed records include full names, contact details, medical information, and passwords to access your accounts at these clinics.

To be precise, these records consist of full names, addresses, telephone numbers, email addresses and social security numbers of these patients, as well as confidential medical details such as blood type, doctor’s name assigned to each patient, insurance company and even some diagnostic data.

The compromised information was posted on multiple illegal hacking sites hosted on dark web.

Local media mention that filtration comes from about 30 clinical laboratories located in the northern region of France. Everything indicates that these laboratories used the same collection and storage software. The compromised records would have been collected and loaded to these platforms between early 2015 and the end of 2020.

The compromised logs were first identified a couple of weeks ago in Zataz, a malicious hacking forum. Information security researchers were able to verify that the information was for sale among the cybercriminal community. This incident is already being investigated by the National Commission on Information Technology and Liberties (CNIL), the French government institution in charge of the implementation of the Data Privacy Act.

Through its official Twitter account, the Commission issued a message related to this incident, acknowledging the leak and reaffirming its commitment to enforce privacy and data protection legislation in France.

This practice is becoming a trend for the health industry in France, as other similar incidents have been reported in the most recent weeks. In response, the French government reports the issuance of a package of at least $1 billion for the implementation of incident prevention and response measures.

The investigation is still ongoing but, if the scope of this incident is confirmed, experts believe it could have disastrous consequences for the citizens concerned, considering the nature of the information compromised and the context in which the leak occurred. The French authorities even contemplate the possibility that these recent attacks may have dark political motivations or be an incident driven by foreign threat actors. 

To learn more about information security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.