Massive Data Breach Exposes 750,000 Patient Records at Hospital, Hacker Claims Access to 1.5 Million
A significant data breach has been reported at an undisclosed hospital in France, compromising the sensitive medical records of approximately 750,000 patients. The breach was carried out by a threat actor operating under the alias ‘nears’ (formerly known as ‘near2tlg’), who claims to have targeted multiple healthcare facilities across the country.
The hacker alleges possession of over 1.5 million patient records and attributes the breach to unauthorized access to MediBoard, an electronic patient record (EPR) system developed by Softway Medical Group. MediBoard is widely used by healthcare providers across Europe.
Source of the Breach
Softway Medical Group has confirmed the compromise of a MediBoard account but clarified that the incident was not due to a software vulnerability or misconfiguration. Instead, the attack exploited stolen credentials belonging to a privileged account at the hospital.
In a statement to the media, Softway Medical Group emphasized that the affected data was hosted by the hospital, not directly managed by their company. “The compromised health data were not hosted by Softway Medical Group,” the company said in a letter shared with French media.
A spokesperson further elaborated: “Our software is not at fault. A privileged account within the client’s infrastructure was compromised, allowing the attacker to exploit the standard features of the solution. This is not due to software implementation issues or human error on our end.”
Stolen Data Offered for Sale
Following the breach, the threat actor began advertising access to MediBoard accounts for several French hospitals, including Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d’Arc, Clinique Saint-Isabelle, and Hôpital Privé de Thiais. The attacker also put patient data from the unnamed hospital up for sale, affecting 758,912 individuals.
The stolen data reportedly includes full names, dates of birth, gender, home addresses, phone numbers, email addresses, physician details, prescription histories, and health card usage information.
The hacker claims to have shared the data with three potential buyers, although no confirmed sales have been reported.
Risks to Patients
The exposure of such sensitive information poses severe risks, including phishing attacks, identity theft, and other forms of social engineering. Even if the data remains unsold, it could still be leaked online, further amplifying the threat to affected individuals.
A Growing Concern for Healthcare Cybersecurity
This incident highlights the persistent vulnerabilities within healthcare systems and the critical need for robust cybersecurity measures. The misuse of privileged accounts underscores the importance of implementing strong authentication protocols and constant vigilance against credential theft.
Authorities are likely to launch an investigation into the breach to mitigate the damage and ensure accountability. Meanwhile, impacted individuals are advised to remain vigilant against suspicious communications and take steps to protect their personal information.