As revealed by France 2Thursday February 26, health data concerning French patients was stolen from the Cegedim group, publisher of software for health professionals. However, some uncertainty remains as to the extent of this hacking.
What was hacked?
This is software intended for doctors, My Medical Software (MLM), used, according to Cegedim, by 3,800 customers in France. The company says it has “identified, at the end of 2025, abnormal behavior” on this software, and found that “personal data of patients from the MLM software park [avaient] been accessed or extracted illegally. » The company claims to have then secured access, filed a complaint and reported the data leak to the National Commission for Information Technology and Liberties (CNIL).
The stolen data is primarily administrative and allows us to know who is a patient of which doctor. There is a significant amount of patient phone numbers and email addresses, but the medical records themselves are not included.
France 2 explains that it also found, in the data, very personal information on several patients, such as the fact that they are homosexual, have a parent in prison, or even that they have AIDS. According to Cegedim, information of this type may have been entered, “for a very limited number of patients”.
It is about“personal annotations from the doctor regarding sensitive information. » The World was able to confirm that a sample of the data, posted online by one of the hackers, contained administrative data on nearly 300,000 patients, but that only a very small portion of it contained medical or private information.
How many people are affected?
It is not possible, at the time of publishing this article, to estimate the number of people whose personal data has been stolen. On the discussion forum where the said data was offered for sale, the hacker claims that the file contains those of 19 million patients, but only “150,000 unique email addresses”, while France 2 estimates that« between 11 [millions] and 15 million people » would be affected. Cegedim, for its part, claims that 1,500 doctors using MLM are affected by this attack, which would imply a much lower number of patients affected.
You have 50.42% of this article left to read. The rest is reserved for subscribers.