A French company that handles payments for health insurers has suffered a major data breach, potentially compromising sensitive information of millions of people.
Viamedis announced the breach on its LinkedIn page, as the website is offline – and at the time of writing, the website was still unavailable.
According to the announcement, machine translated from French, unnamed threat actors hacked Viamedis and stole customers’ personal information, including marital status, date of birth and social security number, name of their health insurer and guarantees available to third-party payers.
Disconnect the platform
“Neither banking information, postal address, phone number, nor email are affected by this malicious act,” the company confirmed in the announcement. In terms of health data, less than 50 beneficiary invoices were hacked, which only contained details of medical transportation (taxi and ambulance).
Viamedis did not specify how many people were affected by the breach, but it did confirm that it manages third-party payments for 84 additional health insurers serving 20 million people.
As soon as the data breach was noticed, Viamedis disconnected its third-party payment management platform.
“Beneficiaries will continue to be able to use their carte vitale and their third-party payment card. The temporary disconnection of the Viamedis platform will only affect certain healthcare professionals, in particular opticians and audio prosthetists,” the report said.
Speaking to Agence France-Presse (AFP), Viamedis general manager Christophe Cande said the attack was not ransomware, but rather a successful phishing attack against one of the company’s employees.
“So far we do not know how many insured persons are affected; we are still investigating,” Cande said.
Viamedis has filed a complaint with the public prosecutor and informed other relevant authorities. For healthcare professionals, it said it would notify them later of the details of the exposed data.
Through BleepingComputer