Health data: 33 million French people affected by hacking, an open investigation
This Friday, February 9, the Paris prosecutor's office indicated that it had opened an investigation into the recent cyberattacks suffered by two third-party payment operators, Viamedis and Almerys, perhaps the most massive recorded to date in France.
Pieces of computer code found in the WannaCry virus are the same as those identified in other viruses attributed to hackers suspected of being linked to North Korea. REUTERS/Kacper Pempel/Illustration/File Photo
By: RFI Follow
Advertisement
Read more
Data theft
affects
more than 33 million French people, according to estimates from the National Commission for Information Technology and Liberties (Cnil). Viamedis (subsidiary of Malakoff supplementary health insurance companies Humanis and Vyv) and Almerys (independent Be-Ys group) are third-party payment operators on behalf of supplementary health insurance companies. These allow health professionals (pharmacists, opticians in particular) to verify that their client is a member of complementary health insurance and is entitled to third-party payment. Almerys thus boasts 230,000 affiliated health professionals. The complaints filed by the two companies led to the opening of a preliminary investigation, indicated, on February 9, 2024, the anti-cybercrime section of the Paris prosecutor's office, contacted by AFP.
An “
aspiration of display pages
”
According to the information known to date, the figure of 33 million French people affected is based on the number of people that Viamedis and Almerys had referenced, and not on the number of people whose data was actually copied. There may also be duplicates, a specialist told AFP.
The attacker(s) managed to get their hands on “pairs” of identifiers and passwords of healthcare professionals. According to Almerys, once connected, the attackers were able to “suck up
the display pages
” of social security insured persons eligible for third-party payment, using “
a bot
», an automated procedure. The attack allegedly took place from “
two IP addresses
” which were “
identified
”.
The investigations, which are entrusted to the Cybercrime Brigade of the judicial police, relate to the offenses of breach of an automated data system, fraudulent collection of personal data and concealment of a crime. According to the CNIL, “
the data concerned are, for policyholders and their families, marital status, date of birth and social security number, the name of the health insurer as well as the guarantees of the contract subscribed
”. But they do not
a priori
contain crucial information for hackers such as banking information, medical data, health reimbursements, postal details, telephone numbers, emails.
Setting up phishing attacks
However, if this digital information is crossed with other files by hackers with a good level of organization, it can nevertheless be used to mount phishing
attacks
. The hacker will have at his disposal information allowing him to establish his credibility in the eyes of his victim. At the beginning of February 2024, one of the two operators targeted, Viamedis, indicated that it had disconnected its management platform upon discovery of the intrusion, which did not prevent social security policy holders from benefiting from third-party payment.
(
With AFP
)
Also readCybercrime: artificial intelligence also delights hackers
Newsletter
Receive all the international news directly in your inbox
I subscribe
Follow all the international news by downloading the RFI application
Share :
Continue reading on the same themes:
Cybercriminality
Internet
France
Crime
Company