Viamedis, a French healthcare services firm, recently experienced a cyberattack that resulted in the exposure of data belonging to policyholders and healthcare professionals in the country.
While the company’s website is currently offline, a notification for the French Healthcare Data Breach was shared on LinkedIn to alert individuals about the data breach. Viamedis is actively addressing the situation and working to resolve the incident.
Viamedis French Healthcare Exposed to a Massive Health Data Hack
The Data breach at French healthcare on Viamedis resulted in the exposure of sensitive data, including a beneficiary’s marital status, date of birth, social security number, health insurer’s name, and guarantees open to third-party payment.
It is important to note that the breached systems did not contain individuals’ banking information, postal details, telephone numbers, or email addresses.
Viamedis is committed to providing healthcare professionals with specific notifications regarding the data that may have been exposed. The company is taking proactive measures to address the situation and ensure the security and privacy of affected individuals.
Viamedis has taken prompt action following the cyberattack by notifying the impacted health organizations, filing a complaint with the public prosecutor, and informing the relevant authorities such as CNIL (National Commission for Data Protection) and ANSSI (National Cybersecurity Agency of France).
Healthcare Data Breach at Viamedis Estimated to Affect 20 million
While the exact number of individuals affected has not been disclosed by Viamedis, it is known that the company manages payments for 84 healthcare organizations, covering approximately 20 million insured individuals.
Christophe Cande, the General Director of Viamedis, confirmed to Agence France-Presse (AFP) that an investigation is currently underway to determine the full scope and implications of the breach. Viamedis is committed to providing updates as the investigation progresses and taking necessary measures to address the incident.
“To date, we do not have the number of insured individuals impacted; we are still in the process of investigation.”
Cande (GD Viamedis)
According to Christophe Cande, the General Director of Viamedis, the Healthcare Data Breach was not a ransomware incident. Instead, he clarified that the breach occurred as a result of a successful phishing attack targeting one of their employees, which allowed the threat actor to gain unauthorized access to their systems.
Malakoff Humanis, one of the organizations collaborating with Viamedis, has acknowledged the indirect impact of the data breach on their website. They have posted a notice to inform their customers about the cyberattack and the resulting disruption of services.
Additionally, Viamedis is taking proactive steps by sending data breach notifications directly to affected customers, keeping them informed about the incident and any potential impact on their personal data.
In line with the information provided by Viamedis, Malakoff Humanis has reiterated that no banking, medical, or contact details stored on their platforms have been compromised due to the cyberattack.
They assure their clients that access to user accounts and reimbursement claims remains unaffected. However, they acknowledge that the temporary disconnection of the Viamedis platform may impact the provision of certain healthcare services.
Other service providers that utilize Viamedis, such as Carte Blanche Partenaires, Itelis, Kalixia, Santéclair, and Audiens, are expected to face similar challenges as a result of the incident.
Furthermore, local media reports in France have indicated that the cyberattack targeted not only Viamedis but also another payment processor for healthcare organizations called “Almerys.” The extent and impact of the attack on Almerys are currently under investigation.
