Europe 1 with AFP 6:41 p.m., August 31, 2021

Mediapart revealed on Tuesday that the personal data and test results of thousands of people have been made accessible after a computer breach. The names, surnames, dates of birth, addresses, phone numbers, social security numbers and email addresses, as well as the test results of 700,000 people were available until Friday.

A flaw on a site transmitting the results of Covid-19 tests carried out in pharmacies to the government platform made the personal data and test results of thousands of people accessible, Mediapart revealed on Tuesday.

The surnames, first names, dates of birth, addresses, telephone numbers, social security numbers and e-mail addresses, as well as the results of the tests of 700,000 people were available until Friday thanks to "a password findable, in clear, in a file accessible to all "on the Francetest site, writes the information site.

Francetest is a company founded last January which specializes in the transfer of data from Covid tests carried out in pharmacies to the SI-DEP platform.

A "not very ergonomic" platform

The SI-DEP (screening information system) is a secure platform where the results of Covid-19 tests are systematically recorded in order "to ensure that all positive cases are well taken care of" and to identify cases contacts, explains the Ministry of Health on its site.

This platform, "manufactured by the AP-HP (Assistance publique-Hôpitaux de Paris) in an emergency in December (...) is not very ergonomic", explains Philippe Besset, president of the Federation of Pharmaceutical Unions of France (FSPF) .

Result: many pharmacists use intermediaries to enter the results of the tests carried out in the SI-DEP.

Francetest thus charges one euro per transmission, according to Mediapart.

Investigations launched

On Sunday, the Directorate General of Health (DGS) sent an email to pharmacists to remind them of the software approved and compatible with the SI-DEP, of which Francetest is not part. "We have been alerting the authorities for weeks and weeks to these companies which present themselves as labeled and make it easier for pharmacists to go to the SI-DEP", points out Philippe Besset.

"We absolutely need the authorities to provide us with a tool allowing us to transmit data to the SI-DEP with our business software, which is safe and approved," he insisted, specifying that even software authorized by the DGS no were not sufficiently secure. Informed by an "anonymous report", the Cnil, French gendarme of personal data, told AFP that it had launched investigations. Francetest, for its part, was not immediately reachable.