Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

French Healthcare Payments Processor Breaches Affect Half of Population

France’s data protection agency CNIL says it is investigating massive data breaches at two companies that manage third-party healthcare payments, warning that more than 33 million people may be affected.

France’s data protection agency CNIL is investigating massive data breaches at two companies that manage third-party healthcare payments, warning that more than 33 million people may be affected.

A notice from CNIL said two French service providers — Viamedis and Almerys — were targeted in a cyberattack that puts almost half of the French population at risk.

The agency said the two companies manage third-party payments for the medical insurance industry and warned that the exposed data includes  marital status, date of birth and social security number, the name of the health insurer and family members.

Data such as banking information, medical data, health reimbursements, postal details, telephone numbers or even emails, were not affected.

The CNIL advisory said it will push for the breached companies to comply with the European Union’s GDPR (General Data Protection Regulation) rules around victim disclosure.

Although contact data is not affected by the breach, the CNIL notes that it is possibleto combine data from different incidents in cyberattacks against individuals.

“Given the scale of the violation, the president of the CNIL decided to very quickly carry out investigations in order to determine in particular whether the security measures implemented prior to the incident and in reaction to it were appropriate with regard to the GDPR obligations,” the CNIL said.

Related: GDPR Fines Surged Sevenfold to $1.25 Billion in 2021

Advertisement. Scroll to continue reading.

Related: France Fines Yahoo 10 Mn Euros Over Cookie Abuses

Related: France, UK Seek Greater Regulation of Commercial Spyware

Related: France Punishes Clearview AI For Failing To Pay Fine

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.