Skip to content
Supply chainContained

Cerballiance: medical data exposed after a cyberattack

On 25 March 2026, French medical-laboratory network Cerballiance disclosed a breach traced to a compromised external IT provider that exposed patient identities, portal credentials, medical test reports and social security numbers.

Victim
Cerballiance

On 25 March 2026, Cerballiance — one of France's largest networks of medical-analysis laboratories, part of the Cerba HealthCare group — notified patients of a data breach stemming from unauthorised access to a server operated by an external IT service provider. The compromised system held personal and health data belonging to patients of the network, which operates several hundred laboratories across France.

The intrusion was a supply-chain compromise: attackers gained access through a third-party contractor rather than Cerballiance's own infrastructure. According to the company, the following categories of data were potentially exposed:

  • Civil identity information (first and last names)
  • Patient-portal login credentials (email addresses and encrypted passwords)
  • Medical test reports
  • Social security numbers

Cerballiance said only a subset of patients was affected, though it did not publish a precise count. The company reported the incident to France's data-protection authority (CNIL) and cybersecurity agency (ANSSI), ordered the vulnerable server taken offline, invalidated patient-portal passwords and sent affected users a reset link, and warned them to be vigilant against phishing and suspicious messages. At the time of disclosure the company stated that no malicious use of the data had been confirmed.

Notably, this was the second consecutive year a Cerba HealthCare entity suffered a provider-related breach, after a similar incident in May 2025 involving a different subcontractor — underscoring recurring third-party security weaknesses in the healthcare supply chain.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/cerballiance-des-donnees-medicales-exposees-apres-une-cyberattaque/
  2. generation-nt.comhttps://www.generation-nt.com/actualites/cerballiance-cyberattaque-donnees-sensibles-2073858

Related incidents

Supply chainOngoing

Leak at monlogicielmedical.com

Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santé, disclosed to affected doctors in early January 2026, exposing patient administrative records — name, date of birth, address, social-security scheme — for up to 11–15 million patients via compromised doctor accounts.

Victim
monlogicielmedical.com
Data breachContained

Leak at Cerballiance

In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.

Victim
Cerballiance