Personally identifiable information of more than 500,000 French citizens was stolen from the Caisse Nationale de l’AssuranceMaladie (CNAM) after criminals gained access to the accounts of healthcare professionals.
In a brief posted on March 17, the public health insurer said unknown attackers infiltrated its patient services, accessing information of 510,000 policyholders.
At this point, the insurance provider had identified 19 compromised healthcare professional accounts used to connect to its ‘Infopatient’ services.
“As soon as the attack and the accounts at the origin of these abnormal solicitations of the Infopatient service were identified, the IP addresses concerned were banned and the accounts of the healthcare professionals reset,” CNAM said.
Stolen data includes names, date of birth, gender, Social Security numbers, and levels of reimbursement. However, CNAM said no contact details (email address, postal address, telephone numbers), bank details, or data related to any illnesses or treatment were impacted by the attack.
In response to the massive data breach, L’assuranceMaladie notified the National Commission for Computing and Freedoms (CNIL) and filed a criminal complaint.
All concerned policyholders will receive a letter or email from CNAM with further instructions.
While CNAM has confirmed that no email addresses or phone numbers were compromised, the attacker can use the exposed names to gather more intel on potential targets. Other cybercriminals and spammers could also latch onto the data breach by conducting phishing attacks on unwary French citizens.