Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday.
Hospital officials said they filed a complaint with the Paris prosecutor’s office on Wednesday after confirming on September 12 that such a cyber attack took place over the summer.
Stolen were the identities, social security numbers and contact details of people tested as well as the identities and contact details of health professionals who dealt with them, along with the test results, the hospital organisation said.
But no other health information was stolen, they said.
In all, “the stolen files concern 1.4 million people, almost exclusively for tests taken in the middle of 2020” in the Paris region, the hospitals organisation said in a statement.
Those affected “will be notified individually in the coming days”, they said.
The facts of the case were also reported to France’s data watchdog, the CNIL, and the French National Agency for the Security of Information Systems (ANSSI).
The CNIL said it had “opened an investigation into this violation”.
The hackers did not target the national testing files but rather a “secure service for sharing files”, which were used in September 2020 to transmit information “useful for contact tracing” to various health authorities.
The ministry of health also told AFP it has decided to file a complaint so that “all light is brought to bear on the leak, its consequences, and all the measures needed are taken to prevent a repeat of such an event”
Related: Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps
Related: COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare?
Related: French Privacy Watchdog Okays Coronavirus Tracing App
