2024-02-08 11:27:15
Viamedis and Almerys announced in recent days that they had been victims of a computer hack: between them, these companies provide the third-party payment mechanism on behalf of the supplementary health insurance of several million social security holders in France. In a press release published Wednesday February 7, the National Commission for Information Technology and Liberties (CNIL), the policeman of personal data, specified that “this data leak concerns more than 33 million people”.
However, the exact extent of this compromise remains very unclear: at this stage, it is not possible to say how many policyholders have had their data recovered by the hackers. This figure of « 33 millions » is indeed an estimate. “At first glance, it appears that this volume represents the actual number of people whose data was compromised during the attack. The people concerned are those who are insured and whose names appear on the complementary health cards, this can be the main subscriber as well as the members of his family insured with him.specifies the CNIL, requested by The world.
“This volume may be revised upwards or downwards once the CNIL has completed its investigations, which are still in progress at this stage”however, we qualify from the same source, specifying that “the organizations affected by the attack are currently working to resolve the incident in order to have all the necessary elements”. “For the moment, Almerys does not have the exact number of beneficiaries impacted by the exfiltration of personal data”confirms, for her part, a spokesperson for the organization, requested by The world.
“This volume may be revised upwards or downwards”
The investigation carried out by the CNIL will also have to verify whether the security measures were sufficient, a requirement of personal data law. At the same time, criminal complaints were filed by the victim companies.
Read also | Hacking of Viamedis and Almerys: health data of more than 33 million people affected, according to the CNIL
Add to your selections
As the control body points out, this legal framework also requires complementary health insurance to inform “individually and directly” people whose data has been leaked. You will therefore have to watch for a message from your mutual insurance company, which could arrive in the coming days, or even the coming weeks, so that each social insured person can know if their data has been recovered by hackers.
The data concerned is not the most sensitive: the CNIL and the two third-party payment platforms specify that neither banking information nor strictly medical data, nor telephone numbers or email addresses are concerned. The information that the pirates were able to steal is, however, detailed: “Marital status, date of birth and Social Security number, name of the health insurer as well as the guarantees of the contract subscribed”specifies the CNIL.
This information can above all allow hackers to make possible hacking or fraud attempts more targeted, more credible and therefore more dangerous. Indeed, “although contact data is not affected by the violation”as the CNIL also points out, it is easy for hackers to combine the information collected with other stolen data to target victims with fraud attempts.
And this is especially true since the health sector – a subject which concerns all French people, sometimes central and frequently a source of concern – is widely used by scammers. Who has not received, on their mobile phone, a message allegedly sent by Health Insurance demanding the updating of their Vitale card or claiming a reimbursement to be made urgently? This type of message generally serves as bait to convince targeted people to provide their bank card number.
Basic precautions can be taken
While waiting to learn more about the number of people actually affected by the cyberattack targeting Viamedis and Almerys, one main precaution is necessary. You should be vigilant regarding messages (SMS and e-mails) appearing to come from health organizations (Ameli, complementary health). If they ask for credit card details, for example, it’s a scam. If in doubt, do not hesitate to contact the organization directly using its internal messaging or the publicly accessible telephone number.
Read on the subject: Beware of email and SMS scams, the number of which has increased in recent months
Add to your selections
The CNIL also recommends monitoring your accounts within your mutual insurance company or the Ameli site, in order to spot any suspicious changes (modification of personal information, change of password, etc.). Other digital security tips obviously remain relevant, such as using strong and different passwords for each service.
#Cyberattack #Viamedis #Almerys #precautions