PIRACY. Covid test results with the personal data of some 1.4 million people were hacked into a file sharing service used by Assistance Publique – Hôpitaux de Paris (AP-HP).
Yes you carried out a Covid-19 screening test in Ile-de-France over the past few months, it is possible that some of your personal data (your identity, your social security number and your contact details, but also the result of the test carried out) are now he fell into the hands of malicious actors. The Assistance Publique – Hôpitaux de Paris (AP-HP) indeed confirmed Sunday, September 12 that it was the victim this summer of a hacking which would have made it possible to steal the personal data of approximately 1.4 million patients. This cyberattack targeted “a secure file sharing service”, used “very occasionally in September 2020”. Service that the AP-HP uses to transmit to the Health Insurance and to the regional health agencies (ARS) data from medical biology laboratories useful for monitoring and supporting people (the famous contact tracing). Said service allowed (in theory) the Hospitals of Paris to ensure the secure storage and sharing of files, internally and externally.
Data from 1.4 million people tested was stolen
On the other hand, the national file of screening tests (SI-DEP) has not been targeted, specifies the AP-HP. “No other medical data than those strictly related to the performance of the test is concerned”, continues the AP-HP in a press release published on Wednesday September 15. The victims of this computer attack “will be informed individually in the coming days”, indicate the Hospitals of Paris. The AP-HP lodged a complaint with the Public Prosecutor. Warned (like ANSSI, the National Information Systems Security Agency) of this act of piracy, the CNIL (National Commission for Informatics and Freedoms) has opened an investigation. The Ministry of Health told AFP its intention to file a complaint so that “all the light is shed on this leak, its consequences, and that all necessary measures be taken to ensure that such an event does not recur “.
Thanks to the current health crisis and sometimes gaping computer security breaches, attempts at computer attacks against health data storage systems are on the increase. On August 31, the online daily Mediapart revealed that more than 700,000 results of antigenic tests, and the personal data of patients (names, first names, dates of birth, addresses, telephone numbers, social security numbers and e-mail address) had been accessible in a few clicks for months on the Francetest site, an online service transferring pharmacists’ data to the SI-DEP file (the national screening test file).