A cybercriminal group infiltrated the Mediboard software, widely used in the healthcare industry, to access the data of hundreds of thousands of patients.
On November 19, the cybercriminal group near2tlg stole the data of 750,000 patients from French healthcare facilities. Hackers were able to obtain his information by targeting Mediboard, an open source application used by hospitals and medical practices to manage and transfer patient files and organize appointments.
The cybercriminal group also claims direct attacks on hospitals in France and Luxembourg, targeting Direct Assurance in the process. Mediboard’s publisher, Xtrem Santé, a subsidiary of Softway Medical, said one of its clients was the victim of a privileged account theft.
Article of the week
Leakage of sensitive data
Hackers released data samples. These include the patient’s name, name, date of birth, address and phone number, but also health information such as treating doctor, medical history, prescriptions or even death certificates. The data in question has not yet been put up for sale, near2tlg is threatening to release it unless a $5,000 ransom is paid.
For Matthieu Trivier, Semperis Pre-Sales Director EMEA, “ although information is still limited, initial reports indicate that several devices have been affected, potentially affecting up to 2 million patients “. He continues: ” These user accounts, which provide access to the most sensitive data and services, are prime targets for cybercriminals, and mismanagement of access rights can quickly cause significant breaches and weaken the entire system. “.