A massive data breach has exposed a trove of personal information after a threat actor compromised a French hospital’s electronic medical records system.
Softway Medical Group has confirmed that an attacker breached the MediBoard health records system using compromised credentials belonging to the impacted hospital.
“On November 19, 2024, a cyberattack was detected within a healthcare facility using the Mediboard software,” the company stated.
However, Softway insists the breach did not result from a system misconfiguration or software vulnerability and that the affected data was under the hospital’s management.
Hacker sells initial access to a medical records system
The threat actor is selling access to Softway’s compromised MediBoard system, allegedly granting “exclusive control over multiple establishments.” The allegedly affected hospitals include Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d’Arc, Clinique Saint-Isabelle, and Hôpital Privé de Thiais.
The hacker claims the access would let the buyer reach the impacted hospitals’ sensitive information, including patients’ medical records and billing information.
Additionally, it would enable them to obtain privileges to create and modify medical records, make and modify appointments, manage stock, have full access to billing, and make death declarations.
Hacker sells over 750,000 medical records stolen from a French hospital
The hacker claims they have 1.5 million records after breaching the MediBoard medical records system. To prove their claim, they listed the medical records of 758,912 patients stolen from an unnamed French hospital for sale on the dark web hacking forum BreachForums.
While the threat actor is offering 1.5 million records to a single buyer, they are also selling the listed 758,912 records to three buyers.
They claim the stolen medical records expose the patients’ full names, dates of birth, gender, home addresses, phone numbers, email addresses, physicians, prescriptions, and health history. These details are a goldmine for cybercriminals running targeted phishing attacks.
If the medical records were to leak to the public, they could compromise the impacted patients’ privacy and confidentiality, putting them at risk of extortion and other negative outcomes.
French hospital Aléo Santé was source of the data leak
Softway now says the cyber attack stemmed from a threat actor compromising a privileged account within the French hospital’s infrastructure and utilizing MediBoard’s functions to access medical records. The software company also says the compromised data was hosted by the affected hospital.
“We want to emphasise that the affected health data were not hosted by Softway Medical Group,” the company said.
Details have also emerged that the security breach affected the French hospital Aléo Santé, which incorporates 14 health clinics and three retirement homes.
The French hospital says the incident is under investigation by various authorities and has not affected patient care, thus ruling out a ransomware attack.
The healthcare group has not disclosed whether it has received any ransom demands to prevent the publication of patient information.
Hospital systems targeted by hackers
Meanwhile, hospital systems are lucrative targets for cyber attacks, given the vast amount of sensitive patient information they collect and store and the implications of their disruption.
In November 2023, hackers disrupted numerous hospitals across the United States after breaching Prospect Medical Holdings and accessed over 500,000 records, including Social Security numbers.
A similar cyber attack on health technology firm Change Healthcare in February 2024 affected the healthcare enterprise, medical records, claims, and payment systems that numerous pharmacies depend on for daily operations.
Subsequently, it disrupted operations across numerous US pharmacies, preventing them from processing payments or filing insurance claims, thus affecting the fulfillment of prescription orders.