The data of more than 33 million people has been stolen in a cyber attack on two French healthcare payment companies. The French privacy watchdog Cnil reported this on Wednesday. The affected group includes almost half of all residents of France.
During the cyber attack on Viamedis and Almerys, data about civil status, dates of birth, insurance numbers, names of health insurers and the coverage of policies taken out by policyholders and their families were stolen. According to Cnil, bank details, medical information or health data are not in the hands of the hackers.
The French privacy watchdog now wants to quickly launch an investigation to find out whether the security measures were in accordance with the obligations. Cnil is also calling on every insurer using Viamedis and Almerys to “individually and directly” inform all their customers affected by the data breach.
Viamedis indicated in early February that it had closed its platform when the burglary was discovered. The company has also filed a complaint. According to the general manager, Christophe Candé, it was not a ransomware attack, but an intrusion into the platform. “A healthcare provider’s account was phished,” he clarified.