Paris hospitals victims of massive theft of test health data



“Following a computer attack”, the personal data of around 1.4 million people, who tested for Covid-19 in Ile-de-France in mid-2020, were stolen, a Public Assistance – Paris Hospitals (AP-HP) announced this Wednesday.

This attack was “carried out during the summer and confirmed on September 12,” the AP-HP said in a statement, which added that it had lodged a complaint on Wednesday with the Paris prosecutor. The facts were also reported to the National Commission for Informatics and Freedoms (Cnil) and the National Information Systems Security Agency (Anssi).

A hacked file sharing service

The hackers did not target the national file of screening tests (SI-DEP) but “a secure file sharing service”, used “very occasionally in September 2020” to transmit to Health Insurance and agencies regional health authorities (ARS) information “useful for” contact tracing “”.

These data include “the identity, the Social Security number and the contact details of the people tested”, as well as “the identity and contact details of the healthcare professionals taking care of them, the characteristics and the result of the test carried out”, but do not contain “any other medical data”.

Data subjects informed

In total, “the stolen files concern about 1.4 million people, almost exclusively for tests carried out in mid-2020 in Ile-de-France”, specifies the AP-HP, ensuring that those concerned “will be informed individually in the next days “.

The institution recognizes that “the theft could be linked to a recent security flaw in the digital tool” that it uses for file sharing, to which “access was immediately cut off pending the end of the investigations”. The latter “are continuing to determine the origin and modus operandi of this attack”. The Ministry of Health said it had also “decided to file a complaint”, “so that all the light is shed on this leak, its consequences, and that all the necessary measures are taken so that such an event does not happen again. “.



Source link