Revealed by French television channel France 2, the cyber attack reportedly has impacted the administrative details and medical information of 15 million people, with the data primarily containing names, phone numbers, and postal addresses.
However, for 169,000 of those impacted, the cyber incident also exposed medical notes, some of which were “sensitive data”, according to the ministry.
This data included notes on whether a patient was LGBTI or had AIDS, according to reports.
The ministry also said the cyber incident took place in 2025 and involved the data of roughly 1,500 medical practices that used software from Cegedim Sante.
In October, Cegedim Sante made a criminal complaint regarding the cyber incident and said that roughly 1,500 doctors of the 3,800 who use the software were impacted.
The company said it was “supporting its clients and their patients as much as possible” and would “fully cooperate with the authorities”, adding that the cyber incident involved “15.8 million administrative files … among which 165,000 contain a personal annotation by the doctor relating to sensitive information”, it said.
While the ministry said the cyber incident had been claimed by a threat actor, it did not disclose who it was.
News of the healthcare cyber attack comes as a threat actor claimed responsibility for a breach of the French national bank database, claiming to have exfiltrated the data from 1.2 million accounts.
The French finance ministry announced the incident, adding that the hacker used stolen credentials belonging to a ministry official to access the database, which contained names, addresses and account numbers.
Daniel Croft