A major data breach has rocked the healthcare industry in France, with an unnamed hospital falling victim to a cyberattack that has compromised the sensitive medical records of approximately 750,000 patients. The breach was orchestrated by a threat actor known as ‘nears’ (previously identified as ‘near2tlg’), who claims to have targeted multiple healthcare institutions across the country.
The hacker asserts that they have gained access to over 1.5 million patient records by exploiting vulnerabilities in MediBoard, an electronic patient record (EPR) system developed by Softway Medical Group and widely utilized by healthcare providers throughout Europe.
Softway Medical Group, the developer of MediBoard, has acknowledged the breach of a MediBoard account but clarified that it was not the result of a software flaw or misconfiguration. Instead, the attack was carried out through the use of stolen credentials belonging to a privileged account at the hospital in question.
In a statement released to the press, Softway Medical Group stressed that the compromised health data was hosted by the hospital and not managed directly by their company. They emphasized, “The compromised health data were not hosted by Softway Medical Group,” in a letter shared with French media. A company spokesperson additionally explained, “Our software is not at fault. A privileged account within the client’s infrastructure was compromised, allowing the attacker to exploit the standard features of the solution. This is not due to software implementation issues or human error on our end.”
Subsequent to the breach, the threat actor began offering access to MediBoard accounts for several French hospitals, including Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d’Arc, Clinique Saint-Isabelle, and Hôpital Privé de Thiais. Additionally, the hacker put up for sale patient data from the confidential hospital breach, affecting 758,912 individuals. The compromised data reportedly contains full names, dates of birth, gender, home addresses, phone numbers, email addresses, physician details, prescription histories, and health card usage information.
The hacker alleged that the stolen data has been shared with three potential buyers, although there have been no confirmed sales as of yet.
The exposure of such sensitive information poses significant risks to the affected individuals, including the potential for phishing attacks, identity theft, and other forms of social engineering. Even in the absence of sales, there is a looming threat that the data could be leaked online, further jeopardizing the privacy and security of the patients involved.
This incident underscores the ongoing vulnerabilities within healthcare systems and the urgent need for robust cybersecurity measures. The misuse of privileged accounts highlights the necessity of implementing stringent authentication protocols and maintaining constant vigilance against credential theft.
Authorities are expected to launch an investigation into the breach with the aim of mitigating the damage and ensuring accountability. Meanwhile, impacted individuals are urged to stay alert to any suspicious communications and take proactive measures to safeguard their personal information.
The cybersecurity breach at the undisclosed hospital in France serves as a stark reminder of the ever-present threat to sensitive healthcare data and reinforces the critical importance of maintaining strong security protocols in the face of evolving cyber threats.