The Paris public prosecutor’s office has opened an investigation into the cyberattacks of two third-party payment providers, Viamedis and Almerys, which could represent one of the most massive data breaches observed in France, he announced on Friday, February 9.
The investigation was based on complaints from the two service providers, the public prosecutor’s office said at the request of the AFP news agency. More than 33 million French people are affected by this attacksaid the National Commission for Information Technology and Freedoms (CNIL).
“For policyholders and their families, the data affected includes marital status, date of birth and social security number, the name of the health insurer and the guarantees of the contract concluded.”said Wednesday in a press release the digital privacy watchdog that adds this information to bank, medical and healthcare reimbursements “would not be affected”.
Affected French people are advised to do so“Be careful with the requests[ils peuvent] received, especially when it comes to the reimbursement of healthcare costs.”but also “To regularly review activities and movements [leurs] various accounts ». That’s actually it “It is possible that the data that was the subject of the breach is linked to other information from previous data breaches.”explained the CNIL.
The attack was carried out by usurping the identifiers and passwords of healthcare professionals. Almerys and Viamedis have not released information indicating whether the attacks were simply aimed at stealing data or whether they could have other goals, such as planting ransomware.
The warning was issued on January 1stum FEBRUARY. Viamedis, which filed a complaint with the prosecutor’s office, said it shut down its management platform after discovering the interference, which does not prevent social security recipients from benefiting from third-party payments. Its general director Christophe Candé explained that it was not a ransomware attack, but an intervention in the platform. “The account of a medical professional was faked”he then revealed.
Almerys, in turn, said on Wednesday that its central information system was not affected by the cyber attack. Just sound “Portal for medical professionals” was reached and closed, the company claimed.
