Health provider data is still of interest to cybercriminals: the company Almerys, specializing in third-party payment management on behalf of mutual insurance companies, today announced that it had been the victim of a computer intrusion.
The company explains in a press release that the intrusion allowed the attackers to access the information of its beneficiaries. The data concerned are as follows: “surname, first name, date of birth, birth order, social security number, name of the health insurer, insurer’s contract number and an internal reference.”
The attack was made possible thanks to the compromise of several healthcare professional accounts with access to its third-party payment platform. Following the attack, the company chose to disconnect its platform dedicated to healthcare professionals and implemented surveillance measures to limit the risks.
The intrusion did not interrupt the operation of the services
Almerys ensures that the intrusion did not interrupt the operation of its services and that all its systems are working with the exception of the portal dedicated to healthcare professionals.
It also ensures that “banking information, medical data, health reimbursement details, postal details, telephone numbers and email addresses are in no way affected by this violation.”
In addition, a complaint was filed with the public prosecutor, as well as a report with the CNIL and Anssi. Almerys is not yet giving the number of users affected by the attack.
Law of series
Almerys’ announcement echoes another similar data leak reported last week by the company Viamedis, which operates in the same sector as Almerys.
Again, the attackers took advantage of compromised accounts belonging to healthcare professionals to access the company’s portal and steal customer information.
The company explained that the attackers had accessed “marital status, date of birth and social security number, name of their health insurer and guarantees open to third-party payers” as well as around fifty beneficiary invoices.
In response to this intrusion, Viamedis interrupted the service of its platform and its website remained inaccessible this morning, but the company’s manager clarified to AFP that the services continued to operate and that beneficiaries could continue to use their vital card and their mutual insurance card.