France probes massive leak of medical records

French cybercrime investigators said Thursday they were investigating the leak of the medical data of nearly half a million people, including such highly confidential information as their HIV and fertility status.

The leak of the data, believed to have been stolen by hackers, was discovered by the Zataz cybersecurity blog, which came across the document on encrypted messaging system Telegram in a group used for illicit trade in stolen databases. It was later made freely available on the web.

AFP has confirmed the existence of the leaked file, which contains 491,840 names of patients, together with their address, telephone number, email and social security number and in some cases their blood group.

The file also contains highly confidential information about some of the patients’ health, including pregnancies or fertility problems, underlying conditions such as HIV, and medication prescribed.

The Paris prosecutor’s office in charge of probing cybercrime told AFP it had opened an investigation into the leak on Wednesday.

The investigation on “the fraudulent access to, and maintenance of an automated data processing system” as well as the “fraudulent extraction, holding and sharing” of the data, the prosecutors said.

Liberation newspaper reported that the file was based on data from tests conducted between 2015 and October 2020 in around 30 clinic laboratories, mostly situated in northwest France.

The Zataz journalist, who revealed the leak, claimed that the file had been made public after hackers fell out over the terms of the sale of the document.

Hospitals, laboratories and medical websites are a growing target of cyberattacks.

President Emmanuel Macron earlier this month announced a 1-billion-euro ($1.2 billion) programme to combat cybercrime, including in the medical sector.