French Hospital Hit by Cyberattack, Exposing Data of Over 750,000 Patients

417/67 Friday, November 22, 2024

A cyberattack targeted a hospital in France, revealing the medical records of more than 750,000 patients. The attackers, identifying themselves as “nears,” claimed responsibility for breaching MediBoard software, developed by Softway Medical Group, a leading provider of patient record management systems (EPR) in Europe. The group also alleged access to data from over 1.5 million patients across multiple French hospitals.

Softway Medical Group clarified that the breach resulted from a stolen user account rather than software vulnerabilities or misconfigurations. The compromised data was managed by the hospital rather than being stored on the company’s servers.

Hackers have reportedly put up MediBoard account access from various French hospitals for sale online, with records of 758,912 patients. The data includes names, addresses, phone numbers, emails, medical information, prescriptions, and even hospital financial records. They further claimed access to patient appointment schedules, record modifications, and financial information. While no buyers have yet been identified, there remains a significant risk that the data may be leaked freely among cybercriminal groups.

The exposed information significantly increases the likelihood of phishing, scamming, and social engineering attacks against affected individuals. This incident underscores the critical need for robust data security measures, particularly in healthcare systems handling sensitive and highly valuable information, which is a prime target on the dark web.

Source https://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/