"France's health ministry said Friday that administrative details and medical notes on more than 15 million people had been hacked. The announcement came only days after officials warned that the details of 1.2 million French bank accounts had been hacked using the credentials of an official. The health ministry said the hack, carried in late 2025, involved information from about 1,500 medical practices who had used software made by the Cegedim Sante company."
"The data breach primarily involved patients' names, phone numbers, and postal addresses, but for 169,000 patients there were doctors' notes 'some of which may be sensitive data', the ministry said. It insisted however that no prescriptions or results of biological examinations had been involved."
"In September 2024, Cegedim Sante was fined by 800,000 euros by data protection regulators for processing health data without authorization, in violation of France's Data Protection Act and the GDPR."
France's health ministry announced that more than 15 million people's administrative details and medical notes were hacked through software made by Cegedim Sante. The breach occurred in late 2025 and affected approximately 1,500 medical practices using the company's software. Compromised data included patients' names, phone numbers, and postal addresses, with sensitive doctors' notes exposed for 169,000 patients. Prescriptions and biological examination results were not involved. This incident follows a previous 2024 fine of 800,000 euros against Cegedim Sante for unauthorized processing of health data in violation of France's Data Protection Act and GDPR. The company manages software used by approximately 25,000 medical practices and 500 health centers across France.
#healthcare-data-breach #third-party-vendor-security #patient-privacy #gdpr-compliance #medical-software-vulnerability
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]