Major data breach at healthcare provider puts millions of customers at risk

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

A French company that handles payments for health insurance firms suffered a major data breach that possibly put sensitive information of millions of people at risk. 

Viamedis announced the breach on its LinkedIn page, as its website is offline - and at press time, the website was still unavailable. 

As per the announcement, machine-translated from French, unnamed threat actors breached Viamedis and stole client personal information including marital status, date of birth and social security number, name of their health insurer and guarantees available to third-party payers.

Disconnecting the platform 

“Neither bank information, nor postal address, nor telephone number, nor email are affected by this malicious act,” the company confirmed in the announcement. As for health data, fewer than 50 beneficiary invoices have been breached, which contain details on medical transport only (taxi and ambulance).

Viamedis did not state how many people were affected by the breach, but it did confirm that it manages third-party payments for 84 complementary health insurance companies which when combined, service 20 million people. 

As soon as the data breach was spotted, Viamedis disconnected its third-party payment management platform.

“Beneficiaries will be able to continue to use their carte vitale and their third-party payment card, the temporary disconnection from the Viamedis platform will only have an impact on certain health professionals, in particular opticians and audioprosthetists,” it said.

Speaking to Agence France-Presse (AFP), Viamedis General Director, Christophe Cande, said the attack wasn’t ransomware, but rather a successful phishing attack against one of the company’s employees. 

"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation,” Cande said. 

Viamedis filed a complaint with the public prosecutor, and notified other relevant authorities. For healthcare professionals, it said it would notify them on the details of exposed data later.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.