The National Health Insurance Fund (Cnam) suffered a computer attack which included the computer accounts of 19 health professionals and the theft of administrative data of more than 500,000 policyholders.
The institution clarified that the health professionals concerned were mostly pharmacists and concluded that the hackers had probably “retrieved their usernames and passwords from the dark web, which allowed them to directly access or reset the accounts”. They then seized identity data (surname, first name, date of birth), social security numbers and information on rights (attending doctor, 100% coverage) “of at least 510,000 policyholders”.
However, the hacked files did not contain any contact details (address, telephones), nor banking information, nor data on the disease or the consumption of care. As soon as the attack was detected, due to abnormal requests from the Infopatient site, the Cnam immediately banned the IP addresses used for connections. The accounts of healthcare professionals whose identifiers had been compromised have been reset “. The Cnam, which has already lodged a criminal complaint and sent a notification to the CNIL (National Commission for Computing and Liberties), indicates that the 510,000 policyholders affected by this data theft will be individually notified of ” this incident “. They will also be made aware of the increased risk of phishing they could be subject to ».
Read also: “Phishing” scams call for renewal of your vital card
This attack comes at a bad time knowing that the Cnam encourages its users to register on My health space, a new service which would centralize all the medical information of its policyholders (visits to the general practitioner, hospitalizations, vaccination course, etc.), this space could also understand later ” prescriptions and results of medical examinations ».
This episode therefore demonstrates the limit of all digital » and the centralization of all data in the same server which constitutes easy prey for hackers of all kinds.