In a report published on 22 February, CybelAngel, a French company specializing in cybersecurity, highlighted the trade in pirated medical data.
The key finding of the report is the marketing of a file containing data belonging to nearly 500,000 patients of French origin, according to Challenges.
The report sets out three examples, found on French-, Russian- and English-speaking hacker forums, in which a database such as the one mentioned above is in heavy circulation. The report states that what is most surprising in all this is the presence of "500,000 French hospital data put online for free, whereas it could bring in several thousand euros." Apparently the document consisted mainly of "name, first name, email address, telephone number and patient health data (social security number, blood type, treating physician, etc.)", along with several medical examinations carried out on patients.
In fact, people who had previously bought this data put it back online in order to resell it. In response, the original supplier decided to publish it for free. "Sharing will continue as long as some people sell what they bought from me," he notes.
According to CybelAngel, there is a good chance that the files put up for sale contain data that may have been recovered during the attacks on several hospitals and mutual insurers, namely the National Hospital Mutual.
"I understand that personal data can be interesting for advertising targeting. But I don't really see what they can do with social security numbers, blood type, etc… Would anyone have any idea of the real interest that people/groups/companies can find in buying this?" asks a security expert. It can be used for well-crafted phishing.
Someone who has a lot of very personal info that normally only a hospital or doctor owns can quite easily pass himself off as someone you trust.
Like, "Hello, Mr. X, do you have the No. XXX social security number? You made such a medical act on January 12, but we have a problem with the accounting, it lacks 100 …", explains the latter. It won't work for sure, but statistically, it's probably more efficient and credible than the millionaire uncle who wants to share his fortune of 10 million euros against a small transfer … And if they come across an elderly person, they can go further, like, "You can check your Ameli account? If you're having trouble, I can do it for you…", he concludes.
As for the cause of the leak, an investigation by the media outlet CheckNews was able to identify its source. According to CheckNews, the problem originates in medical biology laboratories. What these laboratories have in common is the use of software known as Mega-Bus, an outdated program that is still being marketed. It is reportedly managed by Medasys, a subsidiary of the French group Dedalus France. The same group, which considers itself "Europe's leader in health software solutions", was implicated last year in a scandal involving a whistleblower whom it allegedly fired for "serious misconduct". He had warned the authorities of computer security problems affecting several programs provided by the group. These vulnerabilities reportedly meant that "anyone could access the extranet, from the web. This included access to tickets opened by hospitals and customer laboratories."
The data concerned here was allegedly stolen between 2015 and 2020 from several medical analysis laboratories located in Morbihan, Côtes-d'Armor, Eure, Loiret and Loir-et-Cher.
When contacted, the laboratories unanimously responded that no one had informed them of the data leak.
Dedalus France, for its part, considers the hypothesis plausible: "Mega-Bus is an old solution. If customers are still using it, it must be the last because it is no longer sold or maintained. Most customers of this system are migrating or have already migrated."
As a reminder, the file contained information that was both medically sensitive and personal, including information about:
– Drug treatments
– Medical conditions, or even the patient's HIV-positive status
The worst part is that the data wasn't even encrypted.