7 questions about the massive data leak of French patients

A vast database of French patients is being traded on disreputable forums, which worries the French, and rightly so. To shed some light on this leak, we have answered some of your questions.

Since February 23, a file containing thousands of pieces of French patient data has been drawing attention. It had been spotted on February 14 by Zataz, and Libération then published its investigation on the subject.

The file, a gigantic database of personal and sensitive information, is being traded at high speed, which is causing concern among the authorities and among the French public as a whole. To better understand the incident, Cyberguerre has answered the 7 most frequently asked questions.

Where does the data come from?

The data seem to come from 27 French laboratories, distinguished by their identifiers. They were reportedly collected between 2015 and 2020, and the majority date from 2018 and 2019. Libération noted that these laboratories have one thing in common: they all use the same software for entering medico-administrative information, published by Dedalus. This company also manages the IT equipment of several of these laboratories.

At the end of 2020, the company suffered a ransomware attack, a few months after one of its former employees accused it of security negligence. As of yet, this supposed origin has not been officially confirmed.

What data has been leaked?

The file has precisely 491,839 lines, and you need some computer skills to handle it.

  • Almost every line contains the patient's name, social security number and date of birth, as well as the contact details of their doctor.
  • In more than half of the cases, the line also contains the patient's email address, telephone number or blood group.
  • A final type of information, even more sensitive, occasionally appears in a comment section: pregnancy, seropositivity, other medical history. Only a very small fraction of the victims of the leak are affected.

Other, less important data accompanies this personal information.

Where is this file circulating?

Damien Bancal, the first to speak publicly about the leak in France, says he obtained the database from a private group on the Telegram messaging app. Other sources tell us they've found it on at least two forums and one additional Telegram group, all of which specialize in data theft. At least one of these forums is accessible to anyone, without invitation or authorization. There is no doubt that as the database spreads, it will end up being accessible on other platforms frequented by criminals.

This is a problem: a large number of criminals, professionals and amateurs alike, can get their hands on the file.

The database is not only being traded in the cybercriminal world, it is also circulating in the cybersecurity world: everyone wants to know whether their loved ones are part of the leak or not. The French authorities are also aware of the file, including Anssi, the agency responsible for the fight against cyberattacks, and the Cnil, the French data authority.

Conclusion: the leak is well past the stage of being confidential, which increases the scale of the incident.

Can I find out if I am affected?

This is the question that all French people are asking themselves. Those who know how to obtain the database will check for themselves, despite the fact that it was obtained illegally. But the majority of citizens do not have the technical skills, or simply do not want to venture into illegal forums.

There is a reference site, Have I Been Pwned, where anyone can find out whether their information is in a data breach. But the site, which aggregates more than 10.5 billion lines of leaked data, has so far not added the database of French patients. And it may never do so.

As a result, a few private initiatives have sprung up to let anyone check whether or not their name is in the data breach. Problem: these tools venture to the limits of the law, and in particular those of the famous General Data Protection Regulation (GDPR). And that's not all: as a precaution, these sites only indicate the presence of the name in the database, and do not list the data linked to it (contact information, medical history, etc.). This imprecision prevents victims from fully assessing their situation.

The Cnil, the French data authority, has already explained to Cyberguerre that it would not create a tool of the same kind. On the other hand, it pointed out in a press release that the victim of the leak must notify the Cnil of the incident, and that the law provides for the people whose sensitive data has been exposed to be informed. The people concerned could be warned, but the origin of the leak must still be clearly identified.

What are the risks of the leak?

Using the data in the file, cybercriminals can consider several attack scenarios:

  • Phishing. The more information criminals have about a person, the more convincing a message they can craft, and the more likely their target is to believe it. The goal of phishing is most often to steal banking information or credentials. In some cases, criminals will try to get their victims to download malware. Since the file contains the patients' contact details, the offenders' work is already done for them.
  • Blackmail over data disclosure. The small amount of very sensitive data contained in the database, such as the HIV status of certain people, could be used to fuel blackmail attempts. Either the victim pays, or their relatives or employer will be made aware of a medical secret.
  • Login attempts on other sites. The social security number is sensitive information, used as a means of authentication for certain services, especially public ones. Combined with the other information in the database, it could allow access to certain accounts.

How can you protect yourself from the data breach?

This is a huge question, difficult to answer. You have to understand that a data leak doesn't work like a water leak: you can't just plug it and mop it up without leaving a trace. Once data is out of the control of the company that hosted it, it can circulate indefinitely on the web, and many people will keep a copy of it.

There is no centralized way to delete this data, and victims have no choice but to adapt. Some general precautions still apply:

  • Be extra vigilant about the messages you receive, whether by phone or email, especially if they are medical-related. This will allow you to thwart phishing attempts.
  • Monitor your sensitive accounts more regularly, especially those related to health (mutual health insurance, ameli …).
  • Activate two-factor authentication whenever possible. This will provide additional protection even if thieves manage to guess or reset your password.

What are the legal consequences for the different parties involved?

According to AFP, as reported by Le Monde, section J3 of the Parquet de Paris, which specializes in cybercrime, has opened a criminal investigation. The magistrates referred the case to the Central Office for the Fight against Crime Related to Information and Communication Technologies (OCLCTIC), a specialized division of the judicial police. The offenses in question: “fraudulent access to and maintenance in an automated data processing system” and “extraction, possession and fraudulent transmission” of this data.

But that's not all: Anssi, the Cnil and the Ministry of Health are also investigating the leak, alongside the software publisher suspected of being the origin of the leak, that is to say, the hackers' entry point. This investigation should bring to light the modus operandi of the criminals, and make it possible to better understand the extent of the incident.

The suspected publisher is not the only one at risk of a sanction. Under the GDPR, laboratories that have entered patient information into the software are also responsible for the data processing. They are therefore subject to requirements regarding the means they use to protect their patient data. If these means are considered insufficient, the laboratories could be penalized.

Finally, the hackers behind the leak, the people who publish the database and those who possess it also face legal risks, ranging from fines to prison terms.

Source: Numerama by cyberguerre.numerama.com.