Major data breach at healthcare provider puts millions of customers at risk
A phishing attack resulted in a major data breach at a French firm
A French company that handles payments for health insurance firms suffered a major data breach that possibly put sensitive information of millions of people at risk.
Viamedis announced the breach on its LinkedIn page, as its website is offline - and at press time, the website was still unavailable.
As per the announcement, machine-translated from French, unnamed threat actors breached Viamedis and stole client personal information including marital status, date of birth and social security number, name of their health insurer and guarantees available to third-party payers.
Disconnecting the platform
“Neither bank information, nor postal address, nor telephone number, nor email are affected by this malicious act,” the company confirmed in the announcement. As for health data, fewer than 50 beneficiary invoices have been breached, which contain details on medical transport only (taxi and ambulance).
Viamedis did not state how many people were affected by the breach, but it did confirm that it manages third-party payments for 84 complementary health insurance companies which when combined, service 20 million people.
As soon as the data breach was spotted, Viamedis disconnected its third-party payment management platform.
“Beneficiaries will be able to continue to use their carte vitale and their third-party payment card, the temporary disconnection from the Viamedis platform will only have an impact on certain health professionals, in particular opticians and audioprosthetists,” it said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Speaking to Agence France-Presse (AFP), Viamedis General Director, Christophe Cande, said the attack wasn’t ransomware, but rather a successful phishing attack against one of the company’s employees.
"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation,” Cande said.
Viamedis filed a complaint with the public prosecutor, and notified other relevant authorities. For healthcare professionals, it said it would notify them on the details of exposed data later.
Via BleepingComputer
More from TechRadar Pro
- One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.