Data Breach at French Public Health Insurer Exposes Personal Data of 500,000 Policyholders

Personally identifiable information of more than half a million French citizens was stolen from the Caisse Nationale de l’AssuranceMaladie (CNAM) after criminals gained access to healthcare professional accounts.

Have you fallen victim to a data breach? Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection service.

Our privacy-focused tool hunts for exposed email addresses, breached passwords and other personal data on the surface web and dark web. You can stay on top of privacy threats with 24/7 data breach alerts and concise one-click action items and advice to help you prevent financial damages.

What happened?

In a brief posted March 17, the public health insurer said unknown attackers infiltrated its patient services, accessing information of 510,000 policyholders.

Until now, the insurance provider has identified 19 compromised healthcare professional accounts used to connect to its ‘Infopatient’ services.

“As soon as the attack and the accounts at the origin of these abnormal solicitations of the Infopatient service were identified, the IP addresses concerned were banned and the accounts of the healthcare professionals reset,” CNAM said.

Stolen data includes names, date of birth, gender, Social Security numbers, and levels of reimbursement. On a more positive note, CNAM said no contact details (email address, postal address, telephone numbers), bank details or data related to any illnesses or treatment were affected by the attack.

In response to this massive data breach, L’assuranceMaladie notified the National Commission for Computing and Freedoms (CNIL) and filed a criminal complaint.

All concerned policyholders will receive a letter or email from CNAM with further instructions.

Bitdefender’s safety tips for data breach victims

Although CNAM has confirmed that no email addresses or phone numbers were compromised, the attacker can use the exposed names to gather more intel on potential targets. Other cybercriminals and spammers could also piggyback on the data breach, conducting phishing attacks on unwary French citizens.

To boost overall security, data breach victims should:

• Watch out for unsolicited emails allegedly sent from L’assurance Maladie
• Never respond to requests seeking to confirm sensitive information such as passwords or payment information
• Read the message carefully and look for peculiar wording or grammar mistakes
• Enable two-factor authentication on accounts
• Do not respond to unsolicited telephone calls or urgent text messages asking for personal information
• Contact your health insurance provider whenever in doubt using official channels only
• Install a security solution that blocks malicious attacks and phishing attempts