Skip to content
Supply chainContained

Leak at Clinique du Millénaire (via Weda)

Clinique du Millénaire in Montpellier was exposed when its medical-records software vendor Weda was breached in November 2025, putting patient identity, contact details and health data at risk among the millions of records handled across Weda's ~23,000 affected practitioners.

Victim
Clinique du Millénaire

On 25 November 2025, the Clinique du Millénaire — a private multi-disciplinary hospital in Montpellier — was reported among the French healthcare structures whose patient data was put at risk by the breach of Weda, the medical-records software it uses for its specialists and emergency physicians.

This was not a direct intrusion into the clinic's own systems but a supply-chain incident at the software vendor. On the night of 10 November 2025, Weda detected unusual activity on user accounts and suspended its cloud platform by precaution. The compromise has been linked to credentials harvested by infostealer malware on practitioners' workstations: threat-intelligence firm Hudson Rock identified dozens of Weda user accounts exposed this way. Weda — used by roughly 23,000 of its claimed 85,000 healthcare professionals at the time of the attack — warned that malicious access could have allowed partial extraction of hosted data.

The data handled through Weda is highly sensitive medical and personal information. For affected patients, the categories at risk include:

  • Surname and first name
  • Postal address
  • Email address
  • Phone number
  • Health data (medical records, consultation history, prescriptions, billing/social-security information)

Weda took its services offline as a containment measure, leaving clinics to fall back on paper for about a week before a degraded-mode restoration on 14 November. The company notified the French data protection authority (CNIL) and the national cybersecurity agency (ANSSI) and filed a criminal complaint. The full scope of exfiltration for any individual structure, including the Clinique du Millénaire, was not definitively established in public reporting.

Sources

  1. lemagit.frhttps://www.lemagit.fr/actualites/366634311/Sante-lediteur-du-logiciel-medical-Weda-coupe-ses-services-par-precaution
  2. caducee.nethttps://www.caducee.net/actualite-medicale/16693/cyberattaque-weda-23-000-soignants-concernes.html
  3. next.inkhttps://next.ink/209097/weda-une-cyberattaque-et-une-semaine-de-galere-pour-23-000-medecins/
  4. syndicat-smg.frhttps://syndicat-smg.fr/cyberattaque-de-weda-et-fuites-de-donnees-medicales-la-mise-en-ligne-des

Related incidents

Supply chainContained

Leak at APRS (via Itelis)

APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

Victim
APRS