A data breach has leaked sensitive medical records of over 15 million French citizens after hackers breached a centralized health information management system used by various health facilities.
Cegedim Santé, the company that developed and manages the software, learned of the data breach after detecting abnormal application requests on doctors’ accounts at the end of 2025. It responded by launching an investigation, which determined that patient medical information was “illegally accessed or extracted.”
A French healthcare data breach leaks sensitive medical records
While information varied by individual, the data breach primarily exposed the patients’ names, genders, dates of birth, phone numbers, email addresses, and postal addresses.
Additionally, medical records containing doctors’ notes for 169,000 patients with sensitive health information were leaked. Some included extremely sensitive details, such as the patients’ HIV positive statuses and their same sex orientation.
Additionally, the medical notes were in clear-text format, making them readily readable by anyone who could access the leaked data. Top politicians were also among those affected.
Subsequently, the disclosure of highly sensitive medical records could result in stigmatization, extortion by cybercriminals, and aggressive and illegal targeting by pharmaceutical companies.
“Healthcare is consistently among the most targeted sectors, and incidents like this reinforce why. The data it holds is uniquely valuable and uniquely permanent,” said Jacob Krell, Senior Director, Secure AI Solutions & Cybersecurity, Suzu Labs. “Financial records can be frozen and reissued. The free-text notes exposed in this breach, containing sensitive details such as sexual orientation or AIDS status, cannot be recalled once they are public. That permanence is what makes healthcare data worth more to attackers and the consequences of a breach far more severe for patients.”
According to the company, the data breach involved 15.8 million administrative files, of which 165,000 contained sensitive medical records. However, it did not expose drug prescriptions or medical examination results.
Meanwhile, the French Ministry of Health claims that a threat actor has come forward and taken responsibility for the data breach, but has not disclosed their identity.
However, it remains unclear whether the attacker demanded a ransom to avoid leaking the sensitive medical records online. Nonetheless, the threat actor has leaked the compromised medical records online, irreparably harming the patients.
Centralized hospital management system breached
The data breach occurred in late 2025 and affected 1,500 of the 3,800 practitioners who use Cegedim Santé’s software, MonLogicielMedical (MLM), a centralized health information management system. MLM allows patients view their medical history and communicate with their doctors.
“Investigators have not yet confirmed the attack vector, but based on what’s been reported, the breach likely stemmed from either an unpatched software vulnerability or a targeted phishing campaign — two of the most common entry points in healthcare incidents,” said Damon Small, Board of Directors, Xcape. “Until Cegedim Santé and the French Health Ministry release more forensic detail, we can only assess it through the lens of typical healthcare attack patterns.”
Currently, Cegedim Santé is assisting impacted patients to navigate the data breach and has reported the incident to the relevant authorities. All affected doctors and patients were notified in January, and the company has taken additional security measures to contain the breach.
“As soon as the incident was detected at the end of 2025, all necessary measures were taken to deal with it, and it was contained,” the company stated.
Similarly, the French privacy watchdog, CNIL, was notified of the data breach, and a criminal complaint was filed with law enforcement. However, Cegedim Sante says it was not contacted by the threat actor, contrary to the Ministry’s assertion.
Meanwhile, the company has apologized and acknowledged the irreparable damage the data breach would cause the impacted individuals.
“The company is fully aware of the inconvenience that this incident may cause. Cegedim reaffirms its total commitment to the fight against cybercrime and data protection, which are major societal issues.”
The French health data breach occurred hot on the heels of another cybersecurity incident affecting the French national bank registry (FICOBA) that leaked the personal and payment details of 1.2 million financial account holders.
The attack leveraged a compromised civil servant’s credentials, with access to an inter-ministerial sharing system, to breach a database containing the payment information of all bank account holders in France. The country’s revenue service, Direction Générale des Finances Publiques (DGFiP), managed the compromised database.
