A French company that handles payments for health insurance firms suffered a major data breach that possibly put sensitive information of millions of people at risk.
Viamedis announced the breach on its LinkedIn page, as its website is offline and at press time, the website was still unavailable.
As per the announcement, machinetranslated from French, unnamed threat actors breached Viamedis and stole client personal information including marital status, date of birth and social security number, name of their health insurer and guarantees available to thirdparty payers.
Disconnecting the platform
“Neither bank information, nor postal address, nor telephone number, nor email are affected by this malicious act,” the company confirmed in the announcement. As for health data, fewer than 50 beneficiary invoices have been breached, which contain details on medical transport only (taxi and ambulance).
Viamedis did not state how many people were affected by the breach, but it did confirm that it manages thirdparty payments for 84 complementary health insurance companies which when combined, service 20 million people.
As soon as the data breach was spotted, Viamedis disconnected its thirdparty payment management platform.
“Beneficiaries will be able to continue to use their carte vitale and their thirdparty payment card, the temporary disconnection from the Viamedis platform will only have an impact on certain health professionals, in particular opticians and audioprosthetists,” it said.
“To date, we do not have the number of insured individuals impacted; we are still in the process of investigation,” Cande said.
Viamedis filed a complaint with the public prosecutor, and notified other relevant authorities. For healthcare professionals, it said it would notify them on the details of exposed data later.
Via BleepingComputer