Viamedis and Almerys announced in the last few daysVictims of computer hacker attacks: These companies jointly provide the third-party payment mechanism on behalf of the supplementary health insurance of several million social security beneficiaries in France. In a press release on Wednesday, February 7thclarified the National Commission for Information Technology and Freedoms (CNIL), the police of personal data “This data breach affects more than 33 million people”.

However, the exact extent of this compromise is still very unclear: It is currently impossible to say how many policyholders had their data stolen by the hackers. This number of “33 million” is actually an estimate. “At first glance, it appears that this amount represents the actual number of people whose data was compromised during the attack. Those affected are those people who are insured and whose names are listed on the supplementary health insurance card, this can be the main subscriber and the family members insured with him, Specifies the CNIL requested by The world.

“This level may be revised up or down once the CNIL has completed its investigations, which are currently ongoing.”However, we qualify from the same source and state this “The organizations affected by the attack are currently working to resolve the incident in order to have all the necessary elements in place.”. “At the moment, Almerys does not have the exact number of beneficiaries affected by the exfiltration of personal data.”A spokeswoman for the organization confirmed on request The world.

“This band can be adjusted up or down”

The investigation carried out by the CNIL must also verify whether security measures were sufficient, a requirement of data protection law. At the same time, criminal complaints were filed by the victim companies.

As the control body emphasizes, this legal framework also requires supplementary health insurance companies to inform them “individual and direct” People whose data has been leaked. You must therefore make sure that a message is received from your mutual insurance company in the next few days or even in the next few weeks so that everyone on social security knows whether their data has been confiscated.

The data in question is not the most sensitive: the CNIL and the two third-party payment platforms indicate that neither banking details nor purely medical data, nor telephone numbers or email addresses are affected. However, the information that the pirates were able to capture is detailed: “Marital status, date of birth and social security number, name of the health insurer and the guarantees of the concluded contract”indicates the CNIL.

Above all, this information can enable hackers to make possible hacking or fraud attempts more targeted, more credible and therefore more dangerous. As a matter of fact, “although contact details are not affected by the breach”As the CNIL also points out, it is easy for hackers to combine the collected information with other stolen data to target victims with fraud attempts.

And this is all the more true since the health sector – an issue that affects all French people, is sometimes central and often a cause for concern – is often exploited by fraudsters. Who hasn’t received a message on their cell phone, supposedly sent by their health insurance company, asking them to update their Vitale card or request an urgent refund? This type of message is generally used as a lure to convince targets to provide their bank card number.

Basic precautions can be taken

While we wait to learn more about the number of people actually affected by the cyberattack on Viamedis and Almerys, an important precaution is needed. You should be alert to messages (SMS and emails) that appear to come from healthcare organizations (Ameli, Complementary Health). For example, if they ask for credit card details, it is most likely a scam. If in doubt, do not hesitate to contact the organization directly via its internal messages or the publicly available telephone number.

The CNIL also recommends monitoring your accounts with your mutual insurance company or on the Ameli website to detect any suspicious changes (change of personal data, change of password, etc.). Of course, other digital security tips remain relevant, such as using strong and different passwords for each service.