Hackers Claim Massive Leak of French Healthcare Data, Authenticity Unverified

Fresh Data Leak Claims Target French Healthcare

France is dealing with yet another round of worrying cyber news. Several bad actors have started advertising huge databases online. They claim these databases come from key health and public service groups.

The posts appeared on underground forums in recent weeks. They mention tens of millions of records. Some are supposedly from France’s national health insurance system. Others involve medical record platforms or parcel delivery services.

No one has verified these new datasets yet. But researchers say the sheer size is hard to ignore. And French institutions are still recovering from past security messes.

Threat Actor Claims 19 Million French Health and Delivery Records

A threat actor has claimed they’re selling two separate French databases. One of the databases is reportedly associated with the L’Assurance Maladie (France’s main health insurer), with around 19 million health-related records. The second database allegedly belongs to Colis Privé (a large parcel delivery service), with approximately 24 million delivery records.

Furthermore, they said they’re offering both databases as one product for 5,000 BTC, along with sample screenshots as proof of their authenticity. In the post, the actor also warned of more attacks to come.

However, there has yet to be substantial evidence of this, nor any proof that the two companies in question were the source of the leaked data. Also, there’s no evidence that the number of records listed is even legit.

Actor Lists Dossier Médical Partagé Records for Sale

Another user going by the name of ‘Lagui’ posted an ad claiming they had also extracted 34 million records of data from Dossier Médical Partagé (DMP), which is France’s shared medical record system. The threat actor stated that the database names of people, their birth dates, health IDs, plus phone numbers too.

Additionally, it allegedly contains details of people’s French national identification numbers and bank account numbers. 

According to the threat actor who published these details on the dark web, they collected the information recently. And they estimate that 85% of the records have a national ID number and approximately 30 – 40% contain bank account information. Experts have yet to validate this data.

The Listings Come After a Confirmed Data Breach 

The timing of this announcement is significant. The reports of these postings on the dark web come only weeks after CNAM, France’s largest public health insurance provider, confirmed a breach.

In March, CNAM disclosed that an unauthorized party gained access to healthcare professional accounts, which contained access to patient information via its Infopatient service. The breach reportedly compromised personal data for over 510,000 policyholders and 19 healthcare professional accounts.

The attackers used these accounts to gain access to patient information. CNAM stated that they took quick action to respond once they became aware of any irregularities in their system.

CNAM said they immediately blocked the malicious IP addresses that accessed these accounts. Additionally, they reset all credentials for these accounts.

What Information was Compromised? Names, date of birth, gender, Social Security numbers, reimbursement details. But CNAM stated that it didn’t affect email addresses, home addresses, telephone numbers, banking details, diagnosis, or treatment details. CNAM has notified the French Data Protection Authority and filed a criminal complaint.

The attacker used those accounts to gain access to patient information.

In addition, in June of this year, hackers advertised a dataset related to Almerys, which is one of France’s largest healthcare payment providers, claiming that the dataset contained in excess of 44 million records, including more than 15 million unique Social Security numbers.

Almerys provides payment processing services for approximately 20 million insured people through partnerships with 84 provider groups. When some researchers reviewed sample records from the purported dataset, they found names, dates of birth, Social Security numbers, and employer information.

But they were unable to verify the existence of a dataset containing 44 million records. Also, the Social Security numbers represented in the samples were not complete. It is highly probable that the seller made intentional omissions when providing the sample records.

French Groups are Under Growing Pressure

These constant data leak claims are putting French organizations in a tough spot. Almerys and Viamedis suffered a breach in 2024, exposing the sensitive personal info of millions of people. This included birth dates and marital status. Even Social Security numbers were exposed. As if that wasn’t enough, the breach also leaked people’s insurance details.

More recently, France Titres (formerly the National Agency for Secure Titles) confirmed a breach. About 19 million records linked to passports, ID cards, and driver’s licenses became exposed too.

French authorities are also investigating other serious crimes. French prosecutors have opened an exploitation and trafficking probe into the Al-Fayed family, highlighting the range of investigations underway in France.

So are these new claims real? We just don’t know yet. Neither the L’Assurance Maladie database nor the DMP records have been proven authentic. The same goes for the Almerys dataset.

How large and sensitive the records the hacker is selling show that France’s healthcare system is currently under a lot of pressure. Whether the claims are true or not, these dark web posts remind us that personal data is very valuable to cybercrooks.

Some Safety Tips for Potential Victims

Even when a leak isn’t verified, large amounts of personal info can still be dangerous. Criminals use this information to commit many heinous crimes, such as identity theft, financial fraud, phishing attacks, etc. So it’s still wise to be cautious.

Adopt some preventive measures, like monitoring the activity on your bank and insurance accounts, so you can notice any weird movement in time. Change passwords on important accounts. If you reuse the same password everywhere, stop doing that. Enable multi-factor authentication any chance you get.

Be wary of random emails, texts, or calls that are requesting your personal info; scammers often use stolen information to make their scam emails appear legit. More healthcare scams might start happening henceforth, too. So, if someone’s asking for your details, stop and check with your doctor or insurer directly before you say or send anything.

Notice something off? Maybe your identity, health benefits, or bank info shows weird activity? Don’t wait, report it ASAP.