An information breach at an unnamed French hospital uncovered the medical data of 750,000 sufferers after a menace actor gained entry to its digital affected person report system.
A menace actor utilizing the nickname ‘nears’ (beforehand near2tlg) claimed to have attacked a number of healthcare services in France, alleging that they’ve entry to the affected person data of over 1,500,000 folks.
The hacker claims they breached MediBoard by Software program Medical Group, an organization providing Digital Affected person Report (EPR) options throughout Europe.
Softway Medical Group has confirmed that hackers have compromised a MediBoard account. Nonetheless, it famous that this was not the results of a software program vulnerability or misconfiguration on their half, however quite by way of the usage of stolen credentials utilized by the hospital.
In a letter despatched to French media and shared with BleepingComputer by LeMagIT’s editor-in-chief, Valéry Rieß-Marchive, Softway Medical Group says the uncovered knowledge was in a roundabout way managed by them, however quite hosted by the hospital.
“On November 19, 2024, a cyberattack was detected inside a healthcare facility utilizing the Mediboard software program,” reads the machine-translated e-mail.
“We wish to emphasize that the affected well being knowledge weren’t hosted by Softway Medical Group.”
BleepingComputer contacted Softway Medical Group for clarifications on which account and at what stage was compromised, and a spokesperson shared the next assertion:
“We will verify that our software program just isn’t accountable, however quite, a privileged account inside the shopper’s infrastructure was compromised by a person who exploited the usual features of the answer,” the Softway Medical Group advised BleepingComputer.
“This speculation has been substantiated. It’s subsequently neither as a result of improper implementation of the software program nor human error.”
Promoting entry to hospitals
This all unfolded after the menace actor started promoting what they claimed was entry to the MediBoard platform for a number of French hospitals, together with Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d’Arc, Clinique Saint-Isabelle, and Hôpital Privé de Thiais.
This entry allegedly would let the client view the hospitals’ delicate healthcare and billing info, affected person data, and the power to schedule and modify appointments or medical data.
To show that they gained entry to the MediBoard accounts, the hacker additionally put the data of 758,912 sufferers from an unnamed French hospital up on the market.
These data allegedly include the next info:
- Full identify
- Date of beginning
- Gender
- Dwelling deal with
- Telephone quantity
- E-mail deal with
- Doctor
- Prescriptions
- Well being card historical past
The information was supplied for buy to a few customers, and presently, no consumers have been declared on the sale itemizing.
Even when the information is not bought, there’s at all times a threat of being leaked on-line without spending a dime, making it accessible to the broader cybercrime group.
The kind of knowledge uncovered on this incident raises the danger of phishing, scamming, and social engineering for impacted folks.