Ten days ago, the newspaper Release revealed the exposure of the medical and administrative data of more than 490,000 French, including 350,000 Bretons. Data collected by Internet hackers and distributed on the “dark web”. Two days after these revelations, the Paris prosecutor’s office took up the case and opened an investigation.
The email addresses of 12% of the targeted patients would have leaked
For its part, the National Commission for Informatics and Freedoms (Cnil) has launched checks. This Thursday, March 4, she indicates that she asked, through the Paris judicial tribunal, blocking a site hosting hacked health data. Patient files from 28 laboratories were collected by the hackers.
According to journalist Jean-Marc Manach, less than 12% of victims saw their email address disclosed. However, since the revelation of this affair, some feel completely lost. Philippe, a Morbihannais, manages a Facebook page which welcomes potential or actual victims of this leak. “People have a lot of worries and doubts. They wonder what’s going to happen to them, who they can and should turn against. It’s all very fuzzy.” He and his wife were victims of the hackThis is in any case what the site put online by the company Acéis tells them, a few hours after the revelations in the press. A site deactivated this Thursday, March 4.
All the laboratories reported to the CNIL
“We made this choice because the laboratories take over to inform their customers and, moreover, this site, even if it did not collect any data, flirted between the legal and the illegal. Faced with the recommendations of the CNIL, we preferred the to close,” explains Yves Duchesne, CEO of Aceis. The boss also ensures that the information provided by his site was reliable. “Contrary to what I can read here and there, the data was correct.”
Who to believe? On the Internet, many Britons express their doubts. If your data has been hacked you should know it very quickly. To date, all the targeted laboratories have reported to the CNIL. Their mission is now to turn to their patients. “Everyone concerned will personally receive a letter from us explaining what happened and how they can protect themselves,” says Olivier Kerrand, president of Ocealab, which has seven laboratories in Morbihan. Some 121,669 patients in its laboratories are affected by the data leak.
A letter will be sent to the persons concerned
Since last Tuesday, a crisis unit has been activated in his company. Staff were hired to respond to the thousands of emails that filled the laboratory’s mailbox. It’s been a week since the standard exploded. “We have mobilized very large resources to reassure patients and respond to them, but they must understand that the task is colossal. We are doing our best. The couriers will leave next week.“The entrepreneur also approached a specialized law firm and decided to file a complaint against X. In Pontivy, the Biopole laboratory has also initiated this process.
The instructions are clear, if you do not receive a message from your laboratory, there is no point in filing a complaint with the gendarmes or the police. Otherwise, you can go to the police station or gendarmerie with the document received and explain your approach. “We have passed on information to the brigades so that complaints are taken into account,” We confirm on the side of the Morbihan gendarmerie group. It is also possible to write to the public prosecutor of the district court in your place of residence.
Several possible steps
Why file a complaint? According to several lawyers we contacted, it is possible to file a complaint against X, in particular on the basis of article 226-17 of the penal code for lack of data security. Laboratories point the finger at Dedalus, publisher of the software with which they were equipped, but the investigation conducted by the Paris prosecutor’s office will tell who is responsible. According to several specialists, laboratories could also be blamed for their negligence.
“However, one should not be deluded too much, unless there is action by a group of people, there is little chance of hoping for anything from justice. If damages should be due. to be there, they would be of the order of a hundred euros, “ details lawyer Bernard Lamon, specialized in intellectual property law. It is also possible to initiate administrative procedures with the CNIL.
The data collected could be used by malicious people. In the event of identity theft or fraud, it is obviously necessary to file a complaint. In recent weeks, some Britons have also noticed phishing attempts in their mailboxes.
“For the past two weeks, I have received a lot of very strange emails from banks, various companies, from Paypal, asking me to regularize situations,” says Manuela, a Morbihannaise. As a precaution, it is recommended that victims change the passwords of their various accounts. You will find a lot of advice on the Cnil website.
–