In an attack on an undisclosed ‘file-sharing service’, criminals got their hands on the COVID-19 test data from Paris hospitals. This concerns test data from 1.4 million people.
The stolen data concerns the identity, social security number and contact details of the test takers, as well as the identity and contact details of the health professionals who performed the test and the characteristics and result of the test performed. It would also include tests conducted in hospitals in Paris in mid-2020.
This does not concern medical data other than data related to the execution of the test, emphasizes the Assistance publique-Hôpitaux de Paris, an umbrella organization of hospitals in the Paris region.
The organization also reports that the national screening information system SI-DEP was not affected by the attack. The break-in occurred at a file-sharing service hosted and used by Assistance publique-Hôpitaux de Paris. The organization reports that it made ‘very incidental’ use of this service in September 2020.
The theft was discovered on September 12, following a recent security breach of the file-sharing tool. Access to the service was subsequently closed and the organization reported the data breach to the required authorities, such as the French privacy authority National Commission for Informatics and Freedoms.
Covid-19 test site in Paris, source: APHP