On November 19, 2024, a French hospital using Softway Medical Group’s MediBoard electronic health records system suffered a cyberattack, exposing over 750,000 patient records. The breach occurred after a threat actor accessed the system using compromised credentials from the hospital’s infrastructure, not through software vulnerabilities or misconfigurations, according to Softway.

The attacker is reportedly selling access to the compromised system on dark web forums, offering “exclusive control” over multiple healthcare establishments, including Centre Luxembourg, Clinique Alleray-Labrouste, and others. They claim to have stolen 1.5 million records and listed a subset of 758,912 records for sale. These records include sensitive data like patients’ full names, addresses, phone numbers, prescriptions, health histories, and more—posing risks such as phishing attacks, identity theft, and extortion.

The compromised hospital has been identified as Aléo Santé, a healthcare group managing 14 clinics and three retirement homes. The attack did not impact patient care, and authorities are investigating the breach. No ransom demands have been disclosed.

Source

Tags: news