In a press release, Health Insurance confirmed that hackers had recovered the personal data of more than half a million policyholders. The hackers had captured access to 19 professional accounts, and an automated system for connecting to patient records allowed them to access information such as surname, first name, date of birth, sex, but also social security number as well as data relating to any pathologies.
–
VIDEO"/>You may also be interested
[EN VIDÉO] What is the difference between the deep web and the dark web? You’ve probably heard the terms deep web and dark web before, but do you know what makes them different? © Futura
—–
New hiccup for the health service in France! In October 2021, thousands of files of the Family Allowance Fund had been made accessible to other benefit recipients after a bug computer when updating the identification system at the site. This time it’s more serious since health insurance detected at the end of last week “ that unauthorized persons have managed to connect to amelipro accounts reserved for healthcare professionals ».
By ” unauthorized persons “, we must understand ” pirates “, and according to the first findings, the hackers were able to connect to 19 accounts of healthcare professionals whose email addresses had been compromised. Through automated connections to a named service patient infothe crooks then gained access to the personal data of hundreds of thousands of policyholders, and there is a jumble of information such as surname, first name, date of birth, sex, but also the social security number, as well as data relating to rights. On the other hand, contact information (e-mail, address, telephone) and bank details, as well as data relating to any pathologies and treatment prescriptions are not affected.
Data resold on the dark web
« Stolen passwords serve as a key to unlocking treasure troves of informationrecalls Chris Dickens, sales engineer at HackerOne. Once this information is disclosed, the question is where it goes and who will be impacted by this data breach. This is especially common in the healthcare industry where patient system credentials need to be distributed to professionals in hospitals, pharmacies, consulting firms, universities, and more. »
According to this specialist, it is to be expected that recovered data end up on the dark web to be sold there, so other cybercriminals are likely to buy them and exploit them in the same way. For this type of breach, there may be carte vitale scams since the social security number is part of the data recovered.
Victims of hacking are warned
For its part, and at the first signs of the attack, Health Insurance banned the IP addresses that had had access to the 19 Amelipro accounts, and it reset the accounts of the healthcare professionals affected. For them, it is essentially a matter of create a new password. In addition, monitoring tools are in place to detect any anomalies of identification to teleservices from the Amelipro portal.
Also according to Health Insurance, 510,000 policyholders are affected by this data leak, and they have been individually informed of this incident. In this message, the CPAM raises awareness of the increased risk of phishing, even if the email address and telephone number have not been hacked. An awareness that mainly concerns health professionals since the fault came from Amelipro.
Support your independent scientific media: discover our subscription formulas!
–
4 good reasons to subscribe to Futura on Patreon:
- A site without any advertising from 3.29 euros per month.
- It is without commitment.
- Access to priority content, in preview, just for you.
- You support our business in the best possible way. A real motivation for us!
Interested in what you just read?
–
–
:strip_exif()/i/2004996838.jpeg?resize=150%2C150&ssl=1)