February 13, 2024 at 11:57AM
France’s data protection agency CNIL is investigating massive data breaches at two healthcare payment management companies, potentially affecting over 33 million people. The cyberattack targeted Viamedis and Almerys, compromising personal data such as marital status and social security numbers. CNIL will ensure the companies comply with GDPR rules on victim disclosure.
From the meeting notes provided, it’s clear that the French data protection agency CNIL is investigating significant data breaches at two companies, Viamedis and Almerys, which manage third-party healthcare payments. The breach has potentially put over 33 million individuals at risk, affecting personal information such as marital status, date of birth, social security numbers, and health insurer details, while some sensitive data like banking details and medical information were not impacted. The agency is emphasizing the need for the breached companies to adhere to the European Union’s GDPR rules regarding victim disclosure. In response to the scale of the violation, the CNIL is conducting investigations to determine the adequacy of the security measures before and after the incident. Additionally, there is a growing trend in GDPR fines, as seen in the surge to $1.25 billion in 2021. This investigation and its potential repercussions will likely have a substantial impact on the affected companies and the wider healthcare and data protection sectors in France.