This Friday, February 9, the Paris prosecutor’s office indicated that it had opened an investigation into the recent cyberattacks suffered by two third-party payment operators, Viamedis and Almerys, perhaps the most massive recorded to date in France.
THE data theft concerns more than 33 million French people, according to estimates from the National Commission for Information Technology and Liberties (Cnil). Viamedis (subsidiary of Malakoff supplementary health insurance companies Humanis and Vyv) and Almerys (independent Be-Ys group) are third-party payment operators on behalf of supplementary health insurance companies. These allow health professionals (pharmacists, opticians in particular) to verify that their client is a member of complementary health insurance and is entitled to third-party payment. Almerys thus boasts 230,000 affiliated health professionals. The complaints filed by the two companies led to the opening of a preliminary investigation, indicated, on February 9, 2024, the anti-cybercrime section of the Paris prosecutor’s office, contacted by AFP.
A ” aspiration of display pages »
According to the information known to date, the figure of 33 million French people affected is based on the number of people that Viamedis and Almerys had referenced, and not on the number of people whose data was actually copied. There may also be duplicates, a specialist told AFP.
The attacker(s) managed to get their hands on “pairs” of identifiers and passwords of healthcare professionals. According to Almerys, once connected, the attackers were able to make a “ aspiration of display pages » of social insured persons eligible for third-party payment, using “ a bot », an automated procedure. The attack is said to have taken place since “ two IP addresses ” who have been “ identified “.
The investigations, which are entrusted to the Cybercrime Brigade of the judicial police, relate to the offenses of breach of an automated data system, fraudulent collection of personal data and concealment of a crime. According to the CNIL, “ the data concerned are, for the insured and their family, marital status, date of birth and social security number, the name of the health insurer as well as the guarantees of the contract subscribed “. But they do not contain a priori crucial information for hackers such as banking information, medical data, health reimbursements, postal details, telephone numbers, emails.
Setting up phishing attacks
However, if this digital information is crossed with other files by hackers with a good level of organization, it nevertheless makes it possible to mount phishing attacks (phishing). The hacker will have at his disposal information allowing him to establish his credibility in the eyes of his victim. At the beginning of February 2024, one of the two operators targeted, Viamedis, indicated that it had disconnected its management platform upon discovery of the intrusion, which did not prevent social security policy holders from benefiting from third-party payment.
Read alsoCybercrime: artificial intelligence also delights hackers