The Assistance Publique – Hôpitaux de Paris (AP-HP) announces that it has filed a complaint for “ theft of files containing personal data “. This illegitimate copy would be consecutive “ following a computer attack carried out during the summer and confirmed on 12 last September “, targeting a “ secure file sharing service hosted and used by the AP-HP ” suffering from a vulnerability.
“ To transmit data from medical biology laboratories useful for monitoring and supporting people to the Health Insurance and Regional Health Agencies (contact tracing), this service was used very occasionally in September 2020, in addition to the national screening information system (SI-DEP), for which the AP-HP is in charge of the work on behalf of the Ministry of Solidarity and Health and which encountered technical difficulties in its transmission tools ”
In the lot, some 1.4 million people. Common point: they carried out anti-Covid mi – 2020 tests. What personal data is involved? “ the identity, social security number and contact details of the people tested, the identity and contact details of the healthcare professionals taking care of them, the characteristics and the result of the test carried out “.
LAP-HP wants to reassure:” no medical data other than those strictly related to the performance of the test is concerned ” . “ Investigations are continuing to determine the origin and modus operandi of this attack. Access to this service was immediately cut off pending the end of these investigations ”
In addition to the complaint, the flaw was reported to the CNIL and at ANSSI. The persons concerned will be informed individually. “ The AP-HP recalls that the fact of extracting, holding, reproducing, transmitting, deleting or fraudulently modifying the data of an automated processing constitutes a criminal offense ”.
Failure to secure the processing of personal data may also be sanctioned by the CNIL.