A French hospital has fallen victim to a cyberattack, exposing the sensitive medical records of 750,000 patients.

The breach, attributed to a threat actor known as ‘nears,’ reportedly exploited a privileged account to access the hospital’s electronic patient record (EPR) system, MediBoard, developed by Softway Medical Group. The hacker alleges they have access to patient data from multiple French healthcare facilities, potentially affecting over 1.5 million individuals.

Softway Medical Group has confirmed the breach but denies responsibility, stating the attack was not due to vulnerabilities in its software. Instead, the hackers used stolen credentials to compromise an account within the hospital’s infrastructure. “The affected health data were not hosted by Softway Medical Group,” the company emphasized in a statement.

Buy Me a Coffee

The exposed records include highly sensitive information such as patients’ names, birthdates, contact details, physician data, prescriptions, and health card histories.

Alarmingly, the hacker has put this data up for sale, along with claims of access to other hospitals using MediBoard, enabling potential buyers to view patient records, manage billing information, and modify appointments.

READ
UK Cracks Down on Russian Money Laundering Networks Supporting Global Cybercrime