The people concerned have carried out a Covid-19 screening test in Ile-de-France.
LThe personal data of about 1.4 million people, who underwent a Covid-19 screening test in Ile-de-France in mid-2020, were stolen “following a computer attack”, announced Wednesday the Public Assistance-Hospitals of Paris (AP-HP).
This attack was “carried out during the summer and confirmed on September 12,” the AP-HP said in a statement, which added that it had lodged a complaint on Wednesday with the Paris prosecutor.
The facts were also reported to the National Commission for Informatics and Freedoms (Cnil) and the National Information Systems Security Agency (Anssi).
The hackers did not target the national file of screening tests (SI-DEP) but “a secure file sharing service”, used “very occasionally in September 2020” to transmit to Health Insurance and agencies regional health authorities (ARS) information “useful for + contact tracing +”.
These data include “the identity, social security number and contact details of the people tested”, as well as “the identity and contact details of the healthcare professionals taking care of them, the characteristics and the result of the test carried out”, but do not contain “any other medical data”.
In total, “the stolen files concern about 1.4 million people, almost exclusively for tests carried out in mid-2020 in Ile-de-France”, specifies the AP-HP, ensuring that those concerned “will be informed individually in the next days “.
The institution recognizes that “the theft could be linked to a recent security flaw in the digital tool” that it uses for file sharing, to which “access was immediately cut off pending the end of the investigations”. The latter “are continuing to determine the origin and modus operandi of this attack”.
The Ministry of Health told AFP that it had also “decided to file a complaint”, so “that all the light is shed on this leak, its consequences, and that all the necessary measures are taken for such an event. does not happen again ”.