French hospital suffers major data breach in cyberattack

A hospital in France has been hit by a cyberattack that penetrated its electronic health record (EHR) system, exposing data from more than 750,000 patients.

The attacker claiming responsibility for the breach – first reported by BleepingComputer – is a threat actor known as 'nears' and has indicated that it has access to health data from another 1.5 million people. The compromised EHRs were put up for sale on the Dark Web on Tuesday.

The group says it breached the MediBoard EHR platform developed by French software company Softway Medical, although an article on the DSIH website suggests that the software was being licensed and hosted by a third party. It achieved access to the platform through the use of stolen login credentials for a 'privileged' account.

"On November 19, 2024, a cyberattack was detected within a healthcare facility using the Mediboard software,” said Softway in a statement.

"We want to emphasise that the affected health data were not hosted by Softway Medical Group."

Image by mcmurryjulie from Pixabay