Hacking of Paris hospitals: data leak of 1.4 million people tested for Covid-19

The Assistance publique-Hôpitaux de Paris (AP-HP) reports that the personal data of around 1.4 million people who have been tested for Covid-19 in Île-de-France are on the run. This concerns the tests which were carried out in mid-2020.

A major hacking of Paris hospitals in connection with the Covid-19
The hack took place during the summer and was confirmed on September 12, the AP-HP said in a statement. The group adds to having lodged a complaint Wednesday with the Paris prosecutor. The facts were also reported to the National Commission for Informatics and Freedoms (CNIL) and the National Information Systems Security Agency (Anssi).

The hackers did not target the national file of screening tests (SI-DEP), but a secure file sharing service, used very occasionally in September 2020 to transmit to Health Insurance and regional health agencies (ARS) useful information for contact tracing. This data includes the identity, social security number and contact details of those tested, as well as the identity and contact details of the healthcare professionals taking care of them, the characteristics and the result of the test performed. However, there is no other medical data.

AP-HP promises that the 1.4 million people affected by this hack will be individually informed. This will be done gradually over the next few days.

The institution acknowledges that the theft could be linked to a recent security breach in the digital tool it uses for file sharing, access to which was immediately cut off pending investigations. The latter are continuing to determine the origin and modus operandi of this attack.