Skip to content
Data breachContained

Leak at Médecin Direct

MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

Victim
Médecin Direct

On 3 December 2025, MédecinDirect — a French teleconsultation platform and a subsidiary of the US group Teladoc Health — notified patients of a data breach affecting their personal and health information. The company said it had detected a computer intrusion on 28 November 2025 and stopped it on detection; affected users were informed on 3 December.

The breach exposed a mix of identity and sensitive medical data. According to MédecinDirect, the compromised information included:

  • First and last name, date of birth, postal and email address
  • Some social security (NIR) numbers
  • The subject of the teleconsultation and pre-consultation questionnaire responses
  • Written exchanges between patients and practitioners

The company stressed that teleconsultation videos were not affected, as they are not recorded. MédecinDirect officially notified around 285,000 people, while a threat actor offering the data on the criminal market claimed up to 323,069 patient records.

MédecinDirect alerted France's data protection authority (CNIL) on 28 November and filed a complaint with the Paris public prosecutor. The company said its services continued to operate normally, that it had reinforced its monitoring and protection measures, and that an investigation into the origin of the incident was underway.

Sources

  1. usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/data-breach/cyberattaque-la-plateforme-de-teleconsultation-medecindirect-victime-dune-fuite-de-donnees-285-000-personnes-touchees.LOTZGYSVMBBADL36YQZFDM2XAQ.html
  2. next.inkhttps://next.ink/213131/leroy-merlin-et-medecin-direct-pirates-des-donnees-medicales-dans-la-nature/
  3. caducee.nethttps://www.caducee.net/actualite-medicale/16715/medecindirect-fuite-de-donnees-de-sante-jusqu-a-323-069-patients-concernes.html

Related incidents

Data breachContained

Leak at Itelis

In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

Victim
Itelis
Data breachContained

Data leak at Weda

On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

Victim
Weda
Data breachOngoing

Leak at Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie

A September 2025 cyberattack on regional health-identity platforms used by several French Regional Health Agencies (ARS) exposed patient identity data; an attacker claimed roughly 35 million patient records across 130+ public hospitals, later offered for sale by the DumpSec group.

Victim
Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie
Data breachContained

Leak at Agence Régionale de Santé des Hauts-de-France

A cyberattack on the shared regional health platform (Prédice/GIP Inéa) hosting patient identity data from public hospitals in Hauts-de-France exposed records such as names, dates and places of birth, contact details and, in some cases, social security numbers; medical records were not affected.

Victim
Agence Régionale de Santé des Hauts-de-France