A major data breach at the Center Hospitalier Sud Francilien (CHSF) near Paris has compromised sensitive medical information of approximately 750,000 patients, French authorities confirmed this week.
The cyberattack, which occurred in August 2022, resulted in unauthorized access to patient records containing personal details, social security numbers, and medical history spanning nearly two decades - from 2003 to 2022.
French police cybercrime unit launched an investigation after hospital administrators discovered the breach. Initial findings indicate that cybercriminals infiltrated the hospital's network and extracted large volumes of confidential patient data.
The stolen information includes patients' names, addresses, phone numbers, medical treatments, lab results, and other health-related documentation. Hospital officials expressed deep concern about the scope of exposed private medical records.
"This breach represents one of the largest healthcare data exposures in French history," said Marcel Levi, director of CHSF. "We are working closely with cybersecurity experts and law enforcement to investigate the incident and support affected patients."
The hospital has begun notifying impacted individuals and established a dedicated hotline to address patient concerns. Officials advised all patients who received care at CHSF between 2003-2022 to monitor their personal information for potential misuse.
French data protection authority CNIL is overseeing the hospital's response and compliance with privacy regulations. The agency emphasized that healthcare institutions must strengthen their cybersecurity measures to prevent future breaches of sensitive medical data.
The incident highlights growing cyber threats targeting healthcare facilities worldwide. Security experts warn that hospitals remain attractive targets for cybercriminals due to their vast stores of valuable personal information.
CHSF has implemented additional security protocols and continues working to enhance protection of patient data. The investigation into the source and full impact of the cyberattack remains ongoing.