Skip to content
Data breachContained

Leak at Cerballiance

In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.

Victim
Cerballiance

On 25 March 2025, Cerballiance — one of France's largest medical-laboratory networks, part of the Cerba HealthCare group — began notifying patients by email and SMS that their personal data had been compromised in a cyberattack. The breach stemmed from unauthorized access on 27 February 2025 to servers operated by an external IT provider, hosting administrative data for the Cerballiance Provence-Azur and Cerballiance Alpes Durance entities in the PACA region. Several thousand patients in the Var and Côte d'Azur areas were affected.

The intrusion did not target Cerballiance's core information systems directly but rather a third-party-hosted server. Reporting indicates the exposed records included civil-status and contact details, patient-portal login credentials (with passwords stored in encrypted form), social security numbers, and — for some patients — certain medical test reports, making part of the leak sensitive health data.

Exposed data categories reported include:

  • Surname, first name and date of birth
  • Postal address and contact details
  • Social security number (NIR), with health-insurance scheme, mutuelle fund and rights-end date
  • Patient-portal login credentials (encrypted passwords)
  • Certain medical analysis reports (for some patients)

Cerballiance said it identified and shut down the source of the breach, reset affected passwords, and filed a criminal complaint. The company notified the relevant authorities — ANSSI, the data-protection regulator CNIL, the Agence du Numérique en Santé and the PACA regional health agency (ARS) — and set up a dedicated helpline for affected patients. As of disclosure, the company reported no evidence of misuse of the leaked data.

Sources

  1. clubic.comhttps://www.clubic.com/actualite-558117-les-laboratoires-francais-cerballiance-ont-ete-victimes-d-une-cyberattaque-voici-les-donnees-qui-ont-fuite.html
  2. clubic.comhttps://www.clubic.com/actualite-558999-cerballiance-a-constate-un-acces-non-autorise-a-vos-donnees-non-ce-sms-n-est-pas-du-phishing.html
  3. generation-nt.comhttps://www.generation-nt.com/actualites/cerballiance-cyberattaque-donnees-sensibles-2073858
  4. egora.frhttps://www.egora.fr/actus-pro/sante-numerique/comptes-rendus-danalyse-numeros-de-securite-sociale-les-laboratoires

Related incidents

Data breachContained

Leak at Médecin Direct

MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

Victim
Médecin Direct
Data breachContained

Leak at Itelis

In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

Victim
Itelis
Data breachContained

Data leak at Weda

On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

Victim
Weda