Health data is increasingly being targeted by hackers. On 6 July, Cerba Laboratories and on 16 July, Ketterthill Laboratories -- part of the Cerba Healthcare group -- announced the theft of data on certain biological procedures performed between 1 January 2017 and 24 June 2021.
The extent of the theft is not yet known but according to Ketterthill Laboratories, this is due to "a failure of one of its service providers, in charge of hosting one of its databases". This database has been disconnected, says the press release, and a scan does not reveal, for now, any trace of the use of the stolen data, i.e. the surname, first name, date of birth and sex of the patient, the nature of the examination carried out and its result.
The incident was notified to French regulator CNIL (Commission nationale de l'informatique et des libertés) and the Île-de-France Regional Health Agency and to Luxembourg's data protection watchdog, the CNPD.
The Luxembourg laboratory warns against unusual solicitations and canvassing.
It is not the first time this year that the French group has been associated with a cyber attack. The French cybersecurity start-up CybelAngel published a note in which it mentions the presence, on a forum, of a data set of 500,000 patients. While the report does not directly link the data to Cerba Laboratories, the French group had taken steps with its customers, according to an investigation by Libération, Paris-Normandie and Le Parisien. Hundreds of affected patients were personally notified by the French laboratory and joined groups on Facebook or WhatsApp to assert their rights. Bank and electronic data and social security numbers were included in the dataset that was put on sale.