The health data of half a million French people freely accessible on social networks: an unacceptable threat for those concerned by this piracy of an unprecedented scale in France. After hospitals, it is therefore patients who are now targeted. There is an urgent need for public authorities to make cybersecurity a top priority. There are still too many loopholes, deplores France Assos Santé, which calls for better security of health data, wherever it is hosted, and coercive measures against the authors of these attacks and those who could benefit from them.
Imagine one day finding, on the Internet, exposed for all to see, his postal address, his telephone number, his email, his Social Security number, the name of his blood type, the list of his pathologies and even his doctor’s comments on his state of health? No, of course. Except that it is the nightmare which have been facing for several days some 500,000 social security holders, whose health data has been hacked.
Up to 60 information per patient in circulation
The leak was spotted on February 14. It would be the result of a commercial disagreement between several hackers. One of them, in retaliation, would therefore have thrown the files of half a million French people, some of whom have up to sixty sensitive medical data, now stale.
This information would come from about thirty medical biology laboratories, located in the center and west of France. The information disclosed would correspond to analyzes and samples taken between 2015 and 2020, a period during which the laboratories concerned used the same software for entering medical and administrative data.
The Commission Nationale Informatique et Liberté (CNIL) launched an investigation on Wednesday to shed light on the shortcomings at the origin of this leak, of exceptional magnitude and seriousness, if it was confirmed.
Ultra-secure data everywhere
This case follows two computer attacks carried out respectively on February 8 and 15 against the hospitals of Dax (Landes) and Villefranche-sur-Saône (Rhône), whose services were consequently paralyzed. In the midst of a pandemic crisis, these cyber attacks are enough to give you a cold sweat. Especially since they are not exceptional: according to the Secretary of State for Digital, Cédric O, who spoke on February 17 in front of the deputies, “There were 27 cyber attacks on hospitals in 2020, and since the start of 2021, it’s been one attack per week”.
Ransom, blackmail, identity theft: our health data becomes money. And at a high price. Obviously, the health sector has flaws.
In terms of sensitive information, there can not be double standards, according to France Assos Santé. The same level of requirement must apply to national health data for research – hosted in an ultra secure digital platform (Health Data Hub) in anonymized and pseudonymized form – and to health establishments, manufacturers and tool suppliers. digital. And this, regardless of where they are located.
Piracy, one of the main fears of the French
During the first Digital Citizen’s Workshops in Health, initiated by the Ministry of Health and Solidarity, between 2019 and 2020, the French expressed favorable momentum for the digital health strategy but they had expressed their very great vigilance on security issues and the recovery of their data by third parties. Who has access to health data and for what use? The question resonates even more acutely at a time when thousands of personal data have been stolen and brought to everyone’s attention.
For France Assos Santé, these particularly serious acts call for repression and sanctions in the light of the wrongs and damages caused. During the presentation of the cybersecurity plan to fight against this particularly active threat, in mid-February, the executive promised to strongly condemn the authors of these cyberattacks and those who would profit from them. These acts are all the more reprehensible as they occur in a tense health context. The stake is capital because they could call into question the confidence which the French have in the digital strategy in health.
–
