Francetest correctly secures health data linked to Covid-19 screening, concludes the Cnil

The National Commission for Computing and Liberties (Cnil) announced on Thursday, January 27, that it has closed the formal notice issued to Francetest. This company publishes software that facilitates the transfer of the results of Covid-19 screening tests carried out by pharmacies to the SI-DEP file (results recording platform) for one euro per transmission.

An exposure of 700,000 data items

“The company has demonstrated that it has put an end to all the shortcomings noted during the inspection by significantly strengthening the security of its processing”, writes the authority. Francetest was called out in October 2021 following an anonymous report indicating the existence of a security breach affecting its site. That breach exposed 700,000 antigen test results and personal patient data.

At that time, the Commission noted that Francetest had taken “some measures” to address the vulnerability that caused this breach. But it stated that “several data security shortcomings” remained: the health data was hosted by a service provider that did not have the “health data host” (HDS) label, the authentication processes were not robust enough, the “cryptological” procedures employed were weak, and the logging of server activities was lacking.

The questionable choice of AWS

Francetest had two months to comply with the obligations of the General Data Protection Regulation (GDPR). It has now done so, according to the Cnil. In particular, the company changed its data host and chose… Amazon Web Services (AWS), which has HDS approval. The choice of an American supplier in the midst of a debate on the consequences of the invalidation of the Privacy Shield by the European judge is questionable, especially since there are French or European cloud providers that also hold the HDS label, such as OVHcloud, 3DS Outscale or Oodrive.

The Commission adds that Francetest has reinforced the robustness of its authentication processes and now uses “cryptological” procedures compliant “with the state of the art”. It has also extended the logging of its servers.
