French Regulator Lambasts Health Firms Over Mass Data Leak
Helene Fouquet reports:
France’s privacy watchdog said it’s investigating the leak of sensitive health data on half a million people and said the companies involved could face heavy penalties if they don’t come forward with details of the breaches.
The leaks were of “particularly significant magnitude and severity,” the CNIL said in a statement. Hackers may have infiltrated software made by Dedalus France that was used by medical testing laboratories, according to press reports.
The privacy watchdog cited media reporting on the incidents and said the companies should have notified it of the breaches within 72 hours.
Read more on Bloomberg.
This story has really garnered a lot of public attention after a few sites started blogging about the data dump that appeared on a number of forums and sites.
The compressed copy of the data dump that DataBreaches.net had obtained was date-stamped in October 2020. The fields in the dump indicated that it contained a lot of personal and sensitive medical information, as illustrated in the image below.
There were 491,840 records in plain text, which are currently believed to come from 30 different medical laboratories.