Loss, theft, alterations ... The CNIL expects a doubling of cases of personal data breaches in 2021, she said the day after a new case of theft of health data, which occurred at the AP- HP

Since 2018, European legislation has required companies or institutions that process personal data to report any problem with this data to the CNIL or its counterparts.

These reports had increased by 24% in 2020 compared to 2019, and the CNIL "forecasts a 100% increase over the year 2021", said a representative.

The health sector particularly affected

"The acceleration of dematerialization and digitization with the pandemic has opened up many opportunities for malicious people, and it is essential to respect" the recommendations of the Cnil and Anssi (guardian of French IT security), he added.

The healthcare sector is particularly affected by the theft of personal data.

In 2020, data theft cases concerning him had already increased by 80%, according to the Cnil.

On Tuesday, the Hospitals of Paris (AP-HP) announced that the personal data of 1.4 million people had been stolen following a computer attack.

The data includes the identity, social security number and contact details of those tested, as well as the characteristics and result of the test carried out, according to the AP-HP.

Multiplication of data breach cases

Several other cases of major health data leaks came to light in 2021. In early September, Mediapart revealed that the Covid test results of hundreds of thousands of people were available online on the site of Francetest, a company that transfers results of tests carried out in pharmacies to the government platform SI-DEP.

In February, the blog specialized in cybersecurity Zataz and Liberation warned about the circulation on the Internet of a file containing data from 500,000 people, including medical data such as test results or information on pathologies.

The information appeared to come from data leaks from at least 28 medical analysis laboratories that were clients of the software publisher Dedalus France.

Hospitals have also suffered a wave of ransomware attacks, often accompanied by loss or theft of personal data.

To prevent personal data theft, the CNIL recommends “having people trained in risks”, “using data encryption during transfers”, and “updating software components and monitoring vulnerabilities. To avoid their exploitation.


Coronavirus: Paris Hospitals victims of massive theft of test health data


Leakage of medical data: Twenty-eight laboratories would be affected in six departments

  • By the Web

  • Personal data

  • Health

  • Piracy

  • CNIL

  • Cybersecurity

  • APHP

  • Flight

  • Cyber ​​attack