French Regulator Lambasts Health Firms Over Mass Data Leak | #cybersecurity | #cyberattack

France’s privacy watchdog said it’s investigating the leak of sensitive health data on half a million people and said the companies involved could face heavy penalties if they don’t come forward with details of the breaches.

The leaks were of “particularly significant magnitude and severity,” the CNIL said in a statement. Hackers may have infiltrated software made by Dedalus France that was used by medical testing laboratories, according to press reports.

The privacy watchdog cited media reporting on the incidents and said the companies should have notified it of the breaches within 72 hours. It said the individuals affected should also be informed. It was unclear if the victims had been informed as the CNIL reacted to the leaks.

A first mention of the data set popped on the darkweb on Jan.31 and later by another anonymous account on Feb.4. The extensive document was published on Feb. 12 under the mention “500,000 French hospital records” and it was shortly after posted other darweb sites sites, including a Russian forum, according to a CybelAngel white paper on the leaks.

Online tech newsletter Zataz first reported the breaches on Feb. 14.

“This is most serious leak of personal, intimate health data we’ve seen on the darkweb so far,” said David Sygula, a senior analyst at CybelAngel, a cyber security firm. “The data was released in one file this month, we believe.”

Original Source link

Leave a Reply

Your email address will not be published.

seven + two =