Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country.
Viamedis and Almerys provide healthcare and insurance services in France with technological and administrative solutions to facilitate transactions.
They manage the sensitive data of policyholders required for granting reimbursements and generally streamline the payment process in France's complex, multi-layered insurance coverage system.
Viamedis first disclosed the cybersecurity incident one week ago on LinkedIn, saying that it suffered a data breach impacting beneficiaries and healthcare professionals.
The company said the exposure includes names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment.
No banking information, email addresses, postal details, or telephone numbers were exposed, as Viamedis said it does not store this type of data on the breached systems.
The company serves 20 million insured individuals through the 84 healthcare organizations that use its services, but it opted not to disclose how many of them were impacted by the incident, saying that this is under investigation.
The breach on Almerys was initially reported by local news outlets citing anonymous sources, and the firm is yet to release an official statement on the incident.
The data protection authority in France has now confirmed both data breaches and says that the attacks impacted 33 million people in the country.
This makes the incident one of the most impactful cyberattacks in the country's recent history, impacting nearly half its entire population.
Although the exposed data does not include financial info, it is still enough to raise the risk of phishing scams, social engineering, identity theft, and insurance fraud for the exposed individuals.
CNIL states that it will ensure that Viamedis and Almerys inform impacted persons directly and individually, as required by the General Data Protection Regulation.
If you suspect you are among the impacted, it is advisable to keep a close eye on your accounts and treat incoming communications, especially solicitations concerning health insurance cost reimbursements, with suspicion.
Data breach at French healthcare services firm puts millions at risk.
Data breach at healthcare tech firm impacts 4.5 million patients.
Integris Health patients get extortion emails after cyberattack.
Healthcare software provider data breach impacts 2.7 million.
Verizon insider data breach hits over 63,000 employees.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 08 Feb 2024 15:45:14 +0000