Cybercriminals swipe 15.8M medical records from French doctors ministry
The Register
March 3, 2026
AI-Generated Deep Dive Summary
A cyberattack on Cegedim Santé, a third-party software supplier to France's health ministry, resulted in the theft of approximately 15.8 million administrative files containing sensitive patient information. The breach occurred in late 2023 when attackers targeted MonLogicielMedical (MLM), a platform used by 3,800 doctors across France. While most of the stolen data consisted of routine administrative details like full names, dates of birth, and contact information, about 165,000 files included handwritten notes from doctors that, in some cases, contained sensitive medical histories, including diagnoses of HIV/AIDS and individuals' sexual orientations. The attack highlights a critical vulnerability in healthcare data management systems.
The MLM software allowed patients to access their health records and communicate with their physicians, making it a prime target for cybercriminals seeking sensitive personal information. Cegedim confirmed that all stolen data was contained within the administrative files, which were accessed through compromised user credentials or malicious activities targeting the system's vulnerabilities. This incident follows another major breach earlier in 2023 when attackers infiltrated France’s finance ministry and stole details of over 1.2 million bank accounts. These incidents underscore a concerning trend of cyberattacks on government and healthcare systems, raising questions about data security protocols and third-party vendor oversight.
This breach matters significantly to readers interested in tech and cybersecurity because it exposes the risks associated with relying on external software suppliers for critical infrastructure. The theft of sensitive medical information poses serious privacy risks, including identity theft and potential discrimination based on health conditions. Additionally, the attack highlights the need for stronger security measures in healthcare systems and the importance of protecting third-party vendor networks from cyber threats. Such incidents not only compromise individual privacy but also erode public trust in government and institutional data protection capabilities.
Verticals
tech
Originally published on The Register on 3/3/2026