The Ameli site has again been the victim of a hack. The personal information of more than a million Medicare beneficiaries is for sale on the Dark Web, including bank details.

The Ameli site has again been the victim of a

The Ameli site has again been the victim of a hack. The personal information of more than a million Medicare beneficiaries is for sale on the Dark Web, including bank details.

Ameli is again the victim of a massive computer hack. This is certainly not the first time that the Health Insurance site has been attacked (see below), the services of the National Health Insurance Fund (Cnam) – Ameli for the general public and AmeliPro for healthcare professionals – being particularly attractive to hackers, as they contain the personal data of tens of millions of policyholders. But this new case is particularly serious. As reported by the watch service of the site Zatac, specializing in cybersecurity, one million accounts are affected this time. Worse still, the information associated with these policyholders is on sale on a hacker forum for the modest sum of 6,000 dollars – or approximately 5,700 euros. And it’s not just about names or identifiers: the hacked file contains extremely sensitive information.

Hacking Ameli: passwords and bank details for sale

Personal data stolen by the hacker includes social security numbers, account IDs and passwords. Other information could have been compromised since the Ameli site has the postal addresses, but also the bank details necessary for reimbursement for practitioners. The beneficiaries of the site are therefore exposed to scams and other malicious purposes, such as identity theft or embezzlement. This case is having the worst effect on the security of information on health insurance services, especially since, since February 2022, the Cnam has been encouraging the public to use My health spaceits brand new service designed to collect and securely store all the medical information of its policyholders in France (see our article)…

Ameli: coveted personal data

If the method used by the hacker for has not been revealed, it is probably a phishing campaign – Phishing in French. Many text messages are currently circulating to request the renewal of his expired vital card, with obviously a form for entering contact details and an electronic payment at the key to justify sending costs, which only range from a few cents to a few euros. If the asking price seems ridiculous – this makes the approach more credible and leads to less vigilance –, it is above all a question of recovering the data to exploit them. This technique is all the more effective since some users are not familiar with the methods adopted by cybercriminals. To fight against these scams, Ameli now displays a banner on its home page alerting you to fraudulent calls, emails and SMS, with many tips on how to prevent them. However, it is also possible that the hacker exploited a 0-day flaw, a computer vulnerability that is not yet known or not fixed.

This is not the first time this kind of incident has happened. Already in March 2022, the personal information of some 500,000 Medicare beneficiaries had been stolen. By obtaining the identifiers and passwords of health professionals (mainly pharmacists) and using a software robot, the hackers had carried out “chain” queries of a service called Infopatient giving access, from numbers of social security, to certain administrative information of insured persons. Among the stolen data are the surnames and first names of the insured, but also their date of birth, their sex, their social security number and even data relating to rights such as the declaration of a attending physician, coverage at 100 % or even the allocation of complementary solidarity health.

Last year, the daily Release revealed that the personal data of more than 400,000 people were grouped together in a file available on the Web. On the menu, many sensitive data such as the first and last names of patients, but also the social security number, telephone number, blood group, etc. The file, which is said to come from a database used by medical analysis laboratories in northwestern France, included information collected between 2015 and 2020 and did not benefit from any encryption.

What to do to protect yourself?

In order not to take any risks, first check that you have not replied to a suspicious e-mail or SMS that seems to come from the Health Insurance. As the method of hacking is not known, it is better to change all your Ameli account access passwords and carefully monitor the activity of your Ameli account in the weeks and months to come. If you find yourself a victim of fraud despite everything, immediately oppose it on 0 892 705 705 (available 24 hours a day), then contact your bank, change your passwords and file a complaint at the police station. If you spot an attempted scam by SMS or telephone, do not hesitate to report it to Spam flag. You can also report a phishing site address to Phishing Initiative which will close the access. Unfortunately, these campaigns are becoming more and more common and we must remain vigilant at all times. And remember to consult our practical sheet to identify and report any attempted fraud.

ccn5