February 8, 2024 at 10:45AM
Two French healthcare payment service providers, Viamedis and Almerys, experienced data breaches impacting 33 million individuals. The exposed data includes personal and insurance details, but not financial information. The breaches could lead to phishing, identity theft, and insurance fraud risks. The General Data Protection Regulation (GDPR) will require Viamedis and Almerys to directly inform affected individuals, while the data protection authority will investigate the incident’s security measures and GDPR compliance.
Based on the meeting notes, the key takeaways are:
– Two French healthcare payment service providers, Viamedis and Almerys, have experienced data breaches impacting over 33 million people in France.
– Viamedis disclosed the cybersecurity incident, reporting that sensitive data such as names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment were exposed.
– Almerys has not released an official statement on the incident, but the data protection authority in France (CNIL) has confirmed both data breaches.
– The exposed data does not include financial information but raises concerns about phishing scams, social engineering, identity theft, and insurance fraud.
– CNIL will ensure that Viamedis and Almerys inform impacted persons directly and individually as required by the General Data Protection Regulation (GDPR).
– Individuals are advised to monitor their accounts closely and to treat incoming communications concerning health insurance cost reimbursements with suspicion. Additionally, CNIL has announced an investigation into the security measures of the two companies and whether they met GDPR obligations.