The personal data of around 1.4 million people, who carried out the Covid-19 test in Ile-de-France in mid-2020, were stolen “after a computer attack,” announced this Wednesday the Public Assistance-Hospitals of Paris (AP-HP).
This attack was “carried out during the summer and confirmed on September 12,” the AP-HP said in a statement, adding that it had filed a complaint with the Paris Prosecutor’s Office on Wednesday.
The events were also reported to the National Commission for Information Technology and Freedoms (Cnil) and the National Information Systems Security Agency (Anssi). The CNIL said late Wednesday that it “opened an investigation into this violation.”
The hackers did not target the National Screening Test Archive (SI-DEP), but rather “a secure file-sharing service”, used “very occasionally in September 2020” to broadcast to health insurance agencies and regional authorities. health (ARS) information “useful for + contact tracing +”.
These data include “the identity, social security number and contact details of the people tested”, as well as “the identity and contact details of the healthcare professionals who treat them, the characteristics and the result of the test performed”, but they do not contain “any other medical information”.
In total, “the stolen files worry about 1.4 million people, almost exclusively due to the tests carried out in mid-2020 in Ile-de-France”, specifies the AP-HP, ensuring that those affected “will be informed individually in the following days “.
The institution acknowledges that “the theft could be linked to a recent security flaw in the digital tool” that it uses to share files, to which “access was immediately cut off pending the completion of the investigations.” The latter “continue to determine the origin and modus operandi of this attack.”
The Health Ministry told AFP that it had also “decided to file a complaint” so that “all the light is thrown on this leak, its consequences, and that all necessary measures be taken so that such an event does not happen again.” .