Cybercriminals swipe 15.8M medical records from French doctors ministry
(2026/03/03)
- Reference: 1772535607
- News link: https://www.theregister.co.uk/2026/03/03/french_medical_leak/
- Source link:
Around 15.8 million administrative files were stolen after attackers breached a software supplier to France's health ministry.
The supplier, Cegedim Santé, confirmed the data was compromised in late 2025. Approximately 165,000 of these files contained notes penned by doctors, which in "very limited cases" contained sensitive information about an individual's medical history.
According to broadcaster France 24, which first reported the news, these medical histories included, in some cases, details of conditions such as HIV/AIDS and individuals' sexual orientations. Top politicians were [1]reportedly among the individuals whose info was extracted.
[2]
The attack targeted Cegedim's MonLogicielMedical (MLM) software, which it claims is used by 3,800 doctors across France, 1,500 of whom were affected.
[3]
[4]
MLM allows patients to check their health records electronically, communicate with their physician, and offers doctors a range of administrative features.
Cegedim confirmed that all the stolen information was contained in patients' administrative files. In addition to doctors' notes accessed "in free text," the files also included information such as full names, genders, dates of birth, telephone numbers, home addresses, and email addresses.
[5]
"Cegedim is particularly committed to data sovereignty and security, and deeply regrets this situation," the vendor [6]said [PDF].
[7]Gamers furious as Brit studio Cloud Imperium quietly admits to data breach
[8]Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
[9]UK businesses told to brace cyber defenses amid Iran conflict risk
[10]Scammers try to SIM-swap Dubai citizens hours after Iranian missile strikes
"The company is fully aware of the inconvenience that this incident may cause. Cegedim reaffirms its total commitment to the fight against cybercrime and data protection, which are major societal issues. Cegedim also reiterates that it is cooperating with the relevant authorities in the ongoing investigation."
The Register contacted the health ministry for more information but it did not respond.
News of the attack comes just weeks after a separate data security incident, also concerning the French government, came to light.
The country's finance ministry [11]confirmed on February 18 that in January, attackers accessed its national bank account file, which contains the details of all bank accounts in France.
[12]
Attackers stole details pertaining to around 1.2 million accounts, including account numbers, account holders' addresses, and tax identification numbers.
Affected individuals were notified directly and warned to be vigilant for potential phishing attempts.
The government said that whoever was behind the attack [13]impersonated a civil servant "with access rights for inter-ministerial information exchange," and accessed a portion of the file. ®
Get our [14]Tech Resources
[1] https://www.france24.com/en/live-news/20260227-hackers-steal-medical-details-of-15-million-in-france
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.cegedim.com/Communique/Cegedim_PressRelease260226_ENG.pdf
[7] https://www.theregister.com/2026/03/03/brit_games_studio_cloud_imperium/
[8] https://www.theregister.com/2026/03/03/microsoft_oauth_scams/
[9] https://www.theregister.com/2026/03/02/ncsc_security_iran/
[10] https://www.theregister.com/2026/03/02/dubai_iran_sim_swap/
[11] https://www.theregister.com/2026/02/22/french_bank_hack/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[13] https://www.theregister.com/2025/08/21/impersonation_as_a_service/
[14] https://whitepapers.theregister.com/
The supplier, Cegedim Santé, confirmed the data was compromised in late 2025. Approximately 165,000 of these files contained notes penned by doctors, which in "very limited cases" contained sensitive information about an individual's medical history.
According to broadcaster France 24, which first reported the news, these medical histories included, in some cases, details of conditions such as HIV/AIDS and individuals' sexual orientations. Top politicians were [1]reportedly among the individuals whose info was extracted.
[2]
The attack targeted Cegedim's MonLogicielMedical (MLM) software, which it claims is used by 3,800 doctors across France, 1,500 of whom were affected.
[3]
[4]
MLM allows patients to check their health records electronically, communicate with their physician, and offers doctors a range of administrative features.
Cegedim confirmed that all the stolen information was contained in patients' administrative files. In addition to doctors' notes accessed "in free text," the files also included information such as full names, genders, dates of birth, telephone numbers, home addresses, and email addresses.
[5]
"Cegedim is particularly committed to data sovereignty and security, and deeply regrets this situation," the vendor [6]said [PDF].
[7]Gamers furious as Brit studio Cloud Imperium quietly admits to data breach
[8]Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
[9]UK businesses told to brace cyber defenses amid Iran conflict risk
[10]Scammers try to SIM-swap Dubai citizens hours after Iranian missile strikes
"The company is fully aware of the inconvenience that this incident may cause. Cegedim reaffirms its total commitment to the fight against cybercrime and data protection, which are major societal issues. Cegedim also reiterates that it is cooperating with the relevant authorities in the ongoing investigation."
The Register contacted the health ministry for more information but it did not respond.
News of the attack comes just weeks after a separate data security incident, also concerning the French government, came to light.
The country's finance ministry [11]confirmed on February 18 that in January, attackers accessed its national bank account file, which contains the details of all bank accounts in France.
[12]
Attackers stole details pertaining to around 1.2 million accounts, including account numbers, account holders' addresses, and tax identification numbers.
Affected individuals were notified directly and warned to be vigilant for potential phishing attempts.
The government said that whoever was behind the attack [13]impersonated a civil servant "with access rights for inter-ministerial information exchange," and accessed a portion of the file. ®
Get our [14]Tech Resources
[1] https://www.france24.com/en/live-news/20260227-hackers-steal-medical-details-of-15-million-in-france
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.cegedim.com/Communique/Cegedim_PressRelease260226_ENG.pdf
[7] https://www.theregister.com/2026/03/03/brit_games_studio_cloud_imperium/
[8] https://www.theregister.com/2026/03/03/microsoft_oauth_scams/
[9] https://www.theregister.com/2026/03/02/ncsc_security_iran/
[10] https://www.theregister.com/2026/03/02/dubai_iran_sim_swap/
[11] https://www.theregister.com/2026/02/22/french_bank_hack/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aacTuPGnuFrsJV9i3QjpTQAAA4k&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[13] https://www.theregister.com/2025/08/21/impersonation_as_a_service/
[14] https://whitepapers.theregister.com/
ParlezVousFranglais
But don't worry, the personal details and biometrics of the 450+ million visitors to the EU each year now being added to the EES system are totally secure, forever, no chance of any hack, nope, no way, these aren't the droids you're looking for, move along, move along...
heyrick
" MLM allows patients to check their health records electronically, communicate with their physician, and offers doctors a range of administrative features. "
How is this different or better to Mon Espace Santé?
It sounds like an announcement on Britain's railways
>> The company is fully aware of the inconvenience that this incident may cause.
Yeah. The next incident will be along shortly.