The Ameli Health Insurance platform was attacked by hackers who managed to take control of the accounts of 19 healthcare professionals. The personal information of 510,000 beneficiaries was stolen.
Particularly sensitive, health data is a favorite target for cybercriminals. New illustration with an attack against Health Insurance which allowed hackers to steal the personal information of 510,000 beneficiaries.
It was the Ameli platform that was targeted, the hackers having succeeded in taking control of the accounts of 19 health professionals, mainly pharmacists. Detected at the end of last week, the attack was notified to the Cnil on March 16. The next day, the Health Insurance filed a complaint.
Ameli’s Infopatient service targeted
To carry out this offensive, the hackers recovered the usernames and passwords of healthcare professionals on the dark web, before using robots to carry out chain queries on the Infopatient service. This gives access to identity data (surname, first name, date of birth, gender), Social Security numbers and information on the rights of the insured (attending doctor, allocation of complementary health insurance or State medical aid, possible 100% reimbursement).
In contrast, “contact (email, address, telephone) and bank details, as well as data relating to any pathologies/diseases and the consumption of care, are not concernedprovides health insurance. As soon as the attack and the accounts at the origin of these abnormal solicitations of the Infopatient service were identified, the IP addresses concerned were banned and the accounts of the healthcare professionals reset..
This is not the first time that health data has been targeted by cyberattacks in France. In 2021, a large health data file containing up to 60 sensitive information (last name, first name, date of birth, telephone number, attending physician, Social Security number, blood group, laboratory, date of sampling, pathologies, etc.) found itself freely available on the Internet. In total, the data of almost 500,000 people had been compromised. Also in 2021, a computer attack suffered by the Assistance Publique-Hôpitaux de Paris (AP-HP) led to the theft of the personal data of 1.4 million people who had taken a Covid-19 screening test.