Ethical Hacking News
A recent cyber attack on an unnamed French hospital has resulted in the exposure of sensitive healthcare data, compromising the electronic patient record system (EPR) used by multiple healthcare organizations. Over 758,000 patients were affected by the breach, with stolen data including name, first name, date of birth, gender, address, city, postal code, phone number(s), and email.
The recent French hospital cyber attack exposed sensitive healthcare and billing data, compromising over 758,000 patient records. The breach affected multiple healthcare organizations in France using the MediBoard platform provided by Softway Medical Group. The stolen data includes medical information such as attending physicians, prescriptions, and death declarations. The attack is believed to be a supply chain attack, with hackers compromising the MediBoard platform. Patients are advised to remain vigilant and monitor their personal data for any suspicious activity. Healthcare organizations must take immediate action to strengthen their defenses against cyber threats.
A recent cyber attack on an unnamed French hospital has resulted in the exposure of sensitive healthcare and billing data, compromising the electronic patient record system (EPR) used by multiple healthcare organizations. The breach, which occurred in late November 2024, affected over 758,000 patients, with the stolen data including name, first name, date of birth, gender, address, city, postal code, phone number(s), and email.
The threat actor responsible for the breach, using the moniker 'nears' (previously near2tlg), claimed to have had access to patient records of over 1.5 million people following a series of hacks on multiple healthcare organizations in France. According to reports on the Breachforums cybercrime forum, the stolen data also includes medical information such as attending physicians, prescriptions, death declarations, external Identifiers, and health card history.
The breach is believed to be a supply chain attack, with hackers compromising the MediBoard platform provided by Softway Medical Group, which offers Electronic Patient Record (EPR) solutions to European healthcare organizations. Softway Medical Group disclosed a security breach, stating that attackers accessed a hospital's data using stolen credentials and clarified that the compromised data was hosted and managed by the hospital, absolving their software of responsibility for the breach.
The Softway Medical Group statement read: "The Softway Medical Group wishes to provide clarifications regarding the recent cyberattack mentioned in certain press articles. This attack targeted a healthcare establishment that is a client of the group, but the compromised data was not hosted by the Softway Medical Group and the Mediboard software is not implicated."
The exposure of medical data puts patients at risk of identity theft, fraud, phishing, and extortion. It can lead to stigma, discrimination, and emotional harm. Altered records may cause misdiagnoses or medical errors. Patients also face financial losses and compromised privacy.
This breach highlights the importance of robust cybersecurity measures in place to protect sensitive healthcare data. The French hospital's EPR system was not adequately protected against the attack, resulting in a significant breach of patient confidentiality and trust.
The Mediboard platform is used by multiple French hospitals, including Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d'Arc, Clinique Saint-Isabelle, and Hôpital Privá de Thiais. The breach of this platform has raised concerns about the security of patient data across multiple healthcare organizations in France.
The breach is a stark reminder of the need for robust cybersecurity measures to protect sensitive patient data. Healthcare organizations must take immediate action to strengthen their defenses against cyber threats and ensure that patient data remains secure.
In light of this breach, patients who were affected are advised to remain vigilant and monitor their personal data for any suspicious activity. Patients can also contact their healthcare provider or local authorities for assistance with protecting their sensitive information.
The French hospital's EPR system was compromised by a rogue actor using the moniker 'nears' (previously near2tlg). The breach is believed to be a supply chain attack, with hackers compromising the MediBoard platform provided by Softway Medical Group.
This article will provide further updates and analysis on this developing story as more information becomes available.
Related Information:
https://securityaffairs.com/171238/data-breach/sale-750000-patients-french-hospital.html
Published: Thu Nov 21 07:24:27 2024 by llama3.2 3B Q4_K_M
