Cerballiance: medical data exposed after a cyberattack
On 25 March 2026, French medical-laboratory network Cerballiance disclosed a breach traced to a compromised external IT provider that exposed patient identities, portal credentials, medical test reports and social security numbers.
- Victim
- Cerballiance
On 25 March 2026, Cerballiance — one of France's largest networks of medical-analysis laboratories, part of the Cerba HealthCare group — notified patients of a data breach stemming from unauthorised access to a server operated by an external IT service provider. The compromised system held personal and health data belonging to patients of the network, which operates several hundred laboratories across France.
The intrusion was a supply-chain compromise: attackers gained access through a third-party contractor rather than Cerballiance's own infrastructure. According to the company, the following categories of data were potentially exposed:
- Civil identity information (first and last names)
- Patient-portal login credentials (email addresses and encrypted passwords)
- Medical test reports
- Social security numbers
Cerballiance said only a subset of patients was affected, though it did not publish a precise count. The company reported the incident to France's data-protection authority (CNIL) and cybersecurity agency (ANSSI), ordered the vulnerable server taken offline, invalidated patient-portal passwords and sent affected users a reset link, and warned them to be vigilant against phishing and suspicious messages. At the time of disclosure the company stated that no malicious use of the data had been confirmed.
Notably, this was the second consecutive year a Cerba HealthCare entity suffered a provider-related breach, after a similar incident in May 2025 involving a different subcontractor — underscoring recurring third-party security weaknesses in the healthcare supply chain.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/cerballiance-des-donnees-medicales-exposees-apres-une-cyberattaque/
- generation-nt.comhttps://www.generation-nt.com/actualites/cerballiance-cyberattaque-donnees-sensibles-2073858