- A hacker advertised access to a number of French healthcare organizations
- A few hours later, they tried selling sensitive data grabbed from some of them
- More than 750,000 people were apparently exposed

A cyberattack against a French hospital has resulted in the theft of sensitive data on almost a million patients.
A threat actor with the alias near2tlg took to the infamous hacking community BreachForums to offer access to “multiple establishments”, including Centre Luxembourg, Clinique Alleray-Labrouste, and a couple of others.
They claimed that the offering granted access to sensitive data belonging to 1.5 million people, including patient records, billing, and other data.
Compromised account
Two hours later, the same actor posted a new thread, selling “French hospital data”. The compromised information allegedly included people’s names, dates of birth, gender, postal addresses, cities, postal codes, phone numbers, and email addresses. Furthermore, the archive contained information on attending physicians, prescriptions, death declarations, and more. They said that 758,912 users were affected, and that the breach was carried out through Mediboard.
Mediboard is an Electronic Patient Record (EPR) solution developed by Softway Medical Group. The company confirmed the breach to local media, but stressed that the attack resulted from stolen credentials rather than from a vulnerability.
“We want to emphasize that the affected health data were not hosted by Softway Medical Group,” they said.
In a statement to BleepingComputer, the company said that the compromised account had elevated privileges: “We can confirm that our software is not responsible, but rather, a privileged account within the client’s infrastructure was compromised by an individual who exploited the standard functions of the solution.”
“This hypothesis has been substantiated. It is therefore neither due to improper implementation of the software nor human error.”
At press time, there were no confirmed buyers, but healthcare information is usually highly valued among cybercriminals. They can use it for a wide variety of crimes, from phishing to identity theft, wire fraud, and more.