France’s regional healthcare agencies (ARS) for Hauts-de-France, Normandy, and Pays de la Loire have reported cyber-attacks compromising patient identity data. The agencies confirmed on September 8 that attackers gained unauthorized access to servers hosting patient records from public hospitals in the affected regions.
Preliminary investigations indicate that the incidents were part of multiple, sustained attempts targeting healthcare IT infrastructure.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
What Data Was Compromised
According to ARS Hauts-de-France, the attackers accessed personally identifiable information (PII) including patient names, ages, phone numbers, and email addresses. However, all three agencies stressed that no medical or health-related records have been exposed.
The compromised accounts were disabled immediately, and extra security layers were deployed to block further unauthorized access, confirmed the Normandy agency.
How Hackers Exploited the System
Investigations revealed that cybercriminals impersonated healthcare professionals to infiltrate accounts managed by regional e-health development support groups (GRADeS). These institutions provide shared digital healthcare services across regions.
In Normandy, for example, Normand’e-Santé manages 43 digital services, including Therap-e, a telemedicine platform for remote consultations. Experts believe attackers scraped administrative patient data from such systems.
French cybersecurity expert Damien Bancal noted that attackers likely focused on data harvesting rather than disrupting healthcare operations.
Rising Risk of Phishing Attempts
While hospital operations and e-health services remain unaffected, authorities warn that the greatest risk lies in phishing attempts. Hackers could exploit stolen patient information to send fraudulent emails, texts, or calls.
Patients are urged to remain vigilant, as healthcare institutions never request sensitive details like bank accounts or social security numbers via digital channels.
The ARS Pays de la Loire announced it will notify potentially affected patients, while Normand’e-Santé has lodged complaints with authorities and reported the breach to CNIL, France’s data protection watchdog.
The incident highlights the growing threat to Europe’s healthcare sector from cybercriminals targeting identity data. French authorities are tightening safeguards, but experts warn that phishing scams exploiting stolen PII could become the most immediate danger.