Cyber ​​attacks against two third-party payment specialists affected more than 33 million people, CNIL announced

Viamedis and Almerys are responsible for managing third-party payments for supplementary health insurance. Information stolen from Social Security holders during the attack included marital status, date of birth and Social Security number.

The National Commission for Information Technology and Liberties (Cnil) announced on Wednesday 7 February the launch of an investigation, following the recent hacking of two third-party payment operators, Viamedis and Almerys. She mentions the violation “of intensity”Because the data of 33 million people has been affected. ” was reported by the CNIL (these companies) including computer attacks (they) suffered at the end of January”, cites a press release. These operators are responsible for managing third-party payments for supplementary health insurance. “The relevant data, for the insured and their family, are marital status, date of birth and social security number, name of the health insurer as well as the contractual guarantee subscribed to.”

CNIL, on the other hand, also keeps track of banking information, medical data, health reimbursements, postal details, telephone numbers and emails. “will not be affected by the violation”. At this stage, the organization is not yet able to pinpoint which policyholders have been affected. It refers to “The Supplemental health insurance that uses hacked companies”And who should be notified “Relevant beneficiaries as provided for in the General Data Protection Regulation (GDPR)”.

Intrusion into the Viamedis platform

LThe President of the CNIL, Marie-Laure Denis“Decided to carry out an investigation very quickly to determine whether the security measures implemented before the incident and in response were appropriate with respect to the obligations of the General Data Protection Regulation”.

In early February, Viamedis, which filed a complaint with the public prosecutor, indicated that it had disconnected its management platform after discovering an intrusion, which does not prevent policyholders from taking advantage of third-party payments. Its general director, Christophe Kand, explained that it was not a ransomware attack but an infiltration of the platform. “Healthcare Professional’s Account Phished”He then declared.