The online medical appointment service Doctolib announced Thursday July 23 that it had been the victim of data theft, “Which allowed illegal access to the administrative information of 6,128 appointments”, explains the company in a press release. The security breach that allowed this theft, which took place on July 21, is now closed.
The company claims that “This illegal access does not concern appointments made on www.doctolib.fr or on Doctolib’s practice management software, but appointments made on certain third-party software connected to Doctolib”. The security breach therefore seems to have concerned not the service as such, but a programming interface (API) which allows specialized software (for making appointments or managing agendas) to connect to Doctolib.
Personal informations
The number of affected users is low, but the information to which the hackers were able to have access is numerous and confidential: telephone number, e-mail address, name and specialty of the healthcare professional… Neither the passwords of Doctolib accounts nor the reasons appointments are not affected by this theft, says the company. The patients concerned will be contacted directly, says Doctolib, who lodged a complaint and notified the National Commission for Informatics and Liberties (CNIL).
Doctolib, a Franco-German company, is one of the few European start-ups valued at more than one billion euros. The company had raised 150 million euros in March 2019.
–
