Threat actor sells data of over 750,000 patients from a French hospital
November 21, 2024
A threat actor had access to electronic patient record system of an unnamed French hospital, and the health data of 750,000 patients was compromised.
An unnamed French hospital suffered a data breach that impacted more than 758,000 patients, a threat actor had access to the electronic patient record system of the organization.
The threat actor claims that exposed records include name, first name, date of birth, gender, address, city, postal code, phone number(s), and email. The stolen data also includes medical information such as attending physicians, prescriptions, death declarations, external Identifiers, and health card history.
Bleeping Computer reported that a threat actor using the moniker ‘nears’ (previously near2tlg) claimed to have had access to patient records of over 1,500,000 people following the hack of multiple healthcare organizations in France.
near2tlg announced on Breachforums cybercrime forum the sale of access to the MediBoard platform used by multiple French hospitals. According to the post, stolen data includes sensitive healthcare and billing data, patient records of multiple French hospitals, such as Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d’Arc, Clinique Saint-Isabelle, and Hôpital Privé de Thiais.
It appears to be a supply chain attack, the hacker breach compromised the MediBoard platform provided by Softway Medical Group, which offers Electronic Patient Record (EPR) solutions to European healthcare organizations.
Softway Medical Group disclosed a security breach, stating attackers accessed a hospital’s data using stolen credentials. They clarified the compromised data was hosted and managed by the hospital, absolving their software of responsibility for the breach.
Below is the statement provided by the company:
“The Softway Medical Group wishes to provide clarifications regarding the recent cyberattack mentioned in certain press articles. This attack targeted a healthcare establishment that is a client of the group, but the compromised data was not hosted by the Softway Medical Group and the Mediboard software is not implicated.
On November 19, 2024, a cyberattack was detected within a healthcare establishment using our MediBoard software. We wish to clarify that the health data concerned was not hosted by the Softway Medical Group.
As soon as the attack was authenticated and validated in the morning, our teams immediately informed the client concerned. We have mobilized our operational, technical teams and the IT department to support the client in the process of securing their solution.
At this time, our in-depth investigations, still ongoing, confirm that our MediBoard software is not implicated in this cyberattack. The Softway Medical Group reaffirms its commitment to the security and integrity of the solutions it offers. We remain available to answer any further questions and to provide additional information if necessary.”
The exposure of medical data puts patients at risk of identity theft, fraud, phishing, and extortion. It can lead to stigma, discrimination, and emotional harm. Altered records may cause misdiagnoses or medical errors. Patients also face financial losses and compromised privacy.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, French hospital)