The French Ministry of Health has confirmed a massive breach of administrative and personal data concerning nearly 15 million individuals. The cyberattack targeted the MLM software of the company Cegedim Santé, used by approximately 1,500 doctors. Although the provider assures the security of medical records, the investigation has revealed that sensitive doctors' notes, including information on patients' sexual orientation and religion, have ended up on the black market. The prosecutor's office has launched an official investigation into the matter.

Massive Scale of the Breach

The attack affected between 11 and 15 million people, making it one of the largest data breaches in French history.

Leak of Sensitive Notes

Hackers gained access to free text fields where doctors described patients' lifestyles and intimate details.

Prosecutor's Investigation

Investigators in Paris are analyzing how the passwords of 1,500 doctors were compromised, enabling the mass theft of information.

Crisis of Trust in E-Health

Doctors' unions are demanding a revision of security principles in digital medical systems.

France is grappling with one of the most serious privacy breaches in the history of public service digitization. Official statements from the government and the company Cegedim Santé confirm that administrative data collected in software used by general practitioners fell victim to hackers. The scale of the incident is staggering, affecting between 11 and 15 million patients, which is nearly a quarter of the country's population. Preliminary findings indicate that the attackers gained access to the systems by compromising passwords belonging to around 1,500 medical professionals. While Cegedim is trying to reassure the public, claiming that proper medical records remained untouched, an investigative report by France Télévisions sheds a different light on the situation. In the databases that leaked onto the dark web, text fields containing doctors' handwritten notes were found. These notes often went beyond standard bureaucracy, revealing information about sexual orientation, political views, or details of patients' private lives. This type of data is extremely dangerous, as it can be used for blackmail or sophisticated targeted phishing. The French healthcare system has been undergoing a digital transformation since the 1990s, which accelerated with the introduction of the universal patient record, but this created central points of vulnerability to hacker attacks. The medical community's reaction was immediate. The doctors' union MG France publicly questioned the security of the cloud-based data storage model and called for a debate on how e-health functions in its current format. The Paris prosecutor's office is investigating illegal access to automated data processing systems and breach of professional secrecy. Experts warn that once made public, data remains on the internet forever, which places an obligation on the state to protect citizens from the potential consequences of its misuse. „Le ministère confirme que les données administratives de 15 millions de Français ont fuité après une cyberattaque contre un logiciel de gestion pour médecins.” (The ministry confirms that the administrative data of 15 million French citizens has leaked following a cyberattack against a management software for doctors.) — French Ministry of Health