Leak at Cerballiance
In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.
- Victim
- Cerballiance
On 25 March 2025, Cerballiance — one of France's largest medical-laboratory networks, part of the Cerba HealthCare group — began notifying patients by email and SMS that their personal data had been compromised in a cyberattack. The breach stemmed from unauthorized access on 27 February 2025 to servers operated by an external IT provider, hosting administrative data for the Cerballiance Provence-Azur and Cerballiance Alpes Durance entities in the PACA region. Several thousand patients in the Var and Côte d'Azur areas were affected.
The intrusion did not target Cerballiance's core information systems directly but rather a third-party-hosted server. Reporting indicates the exposed records included civil-status and contact details, patient-portal login credentials (with passwords stored in encrypted form), social security numbers, and — for some patients — certain medical test reports, making part of the leak sensitive health data.
Exposed data categories reported include:
- Surname, first name and date of birth
- Postal address and contact details
- Social security number (NIR), with health-insurance scheme, mutuelle fund and rights-end date
- Patient-portal login credentials (encrypted passwords)
- Certain medical analysis reports (for some patients)
Cerballiance said it identified and shut down the source of the breach, reset affected passwords, and filed a criminal complaint. The company notified the relevant authorities — ANSSI, the data-protection regulator CNIL, the Agence du Numérique en Santé and the PACA regional health agency (ARS) — and set up a dedicated helpline for affected patients. As of disclosure, the company reported no evidence of misuse of the leaked data.
Sources
- clubic.comhttps://www.clubic.com/actualite-558117-les-laboratoires-francais-cerballiance-ont-ete-victimes-d-une-cyberattaque-voici-les-donnees-qui-ont-fuite.html
- clubic.comhttps://www.clubic.com/actualite-558999-cerballiance-a-constate-un-acces-non-autorise-a-vos-donnees-non-ce-sms-n-est-pas-du-phishing.html
- generation-nt.comhttps://www.generation-nt.com/actualites/cerballiance-cyberattaque-donnees-sensibles-2073858
- egora.frhttps://www.egora.fr/actus-pro/sante-numerique/comptes-rendus-danalyse-numeros-de-securite-sociale-les-laboratoires