The 500,000 medical files found online come from laboratories in Brittany, Normandy and Center-Val-de-Loire

According to the health software publisher Dedalus, the 28 laboratories affected by the leak would all come from the regions of Brittany, Center-Val-de-Loire and Normandy.

The publisher of software for healthcare establishments Dedalus France said on Friday that it had identified among the 28 laboratories concerned by the medical data leak which affected nearly 500,000 people.

They are spread over 6 departments in the Brittany, Center-Val-de-Loire and Normandy regions. “Dedalus France confirms that it is investigating a serious act of cybercrime that led to the data breach of some of its laboratory customers”,

On the legal front, the Paris prosecutor’s office opened a judicial investigation on Thursday 25 February, entrusted to the Central Office for the Fight against Crime related to Information and Communication Technologies (OCLCTIC). The two charges retained are “fraudulent access and maintenance in an automated data processing system” and “extraction, possession and fraudulent transmission“Hacked data.

An investigation was also launched by the CNIL on Wednesday, in order to determine the breaches at the origin of this leak of medical data. A case of a “particular gravity“, According to Louis Dutheillet de Lamothe, secretary general of the national commission for data processing and freedoms. In the event of a breach noted, the company risks a fine of up to 4% of its worldwide turnover, or 2,208,120.

A leak reported as early as November 2020

According to, the data would come from several laboratories located in the north-western quarter of France. These medical centers have one thing in common: the use of software for entering medical-administrative information published by the Dedalus group. The data contained in these documents would be particularly sensitive, in particular comments on the state of health of the patients: potential pregnancy, drug treatments, or pathologies such as HIV. With data worth gold, the file would have a value of “2000 to 3000 euros“, According to David Sygula, cybersecurity expert for CybelAngel.

Yet in this case, the files were published free of charge, an element which suggests that they have “already been used»According to the expert. This reasoning coincides with a statement from the National Information Systems Security Agency (Anssi) which told AFP that it had identified the “originOf the health data leak, and having reported it to the Ministry of Health in November 2020.

«The victims should have been notified»

But if this leak had already been observed earlier, why has it remained quiet? The CNIL explains that it was only warned on February 24 by the press of this leak. The commission explained that it should however have been informed earlier by the laboratories. “ Both Anssi and the Ministry of Health had no obligation to approach the CNIL. It is up to the bodies notified of a security breach to contact us “, explains the organization.

«With regard to the GDPR, the data controller has the obligation to notify the CNIL of the violations observed», Explains Maître Ariane Mole, lawyer specializing in data protection at Bird & Bird. The victims should also have been notified of this leak when it was observed: “ If an incident is found and the risk is high, such as with health data, officials also have an obligation to notify victims.», Underlines the lawyer.


SEE ALSO – Cyber ​​attack: “Today, hospitals are targets», Deplores Frédéric Valletoux

Related Posts

Starlink: a small village in Normandy is united against an antenna of Elon Musk

Comments Off on Starlink: a small village in Normandy is united against an antenna of Elon Musk

Île-de-France: how the price of public transport has evolved over ten years

Comments Off on Île-de-France: how the price of public transport has evolved over ten years

The CNIL investigates after the leak of hundreds of thousands of French medical data

Comments Off on The CNIL investigates after the leak of hundreds of thousands of French medical data

Paris-Normandy: justice will decide on Monday between the Belgian offers

Comments Off on Paris-Normandy: justice will decide on Monday between the Belgian offers

Epic Games files a complaint against Apple with the European Commission

Comments Off on Epic Games files a complaint against Apple with the European Commission

Major Australian Banks Report Online Service Outages

Comments Off on Major Australian Banks Report Online Service Outages

Online commerce: more than 180,000 transactions every hour in France

Comments Off on Online commerce: more than 180,000 transactions every hour in France

Roissy Charles de Gaulle airport opens a Covid-19 screening center

Comments Off on Roissy Charles de Gaulle airport opens a Covid-19 screening center

Controversial social network Parler is back online

Comments Off on Controversial social network Parler is back online

Free public transport in Ile-de-France on the night of December 31

Comments Off on Free public transport in Ile-de-France on the night of December 31

“Le Roi de la Capote” is now well established

Comments Off on “Le Roi de la Capote” is now well established

Paris-Normandy: justice will decide on Monday between the Belgian offers

Comments Off on Paris-Normandy: justice will decide on Monday between the Belgian offers

Create Account



Log In Your Account