Skip to content
Data breachContained

Leak at Mediboard

On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Aléo Santé — extracted via a compromised privileged account on the Mediboard patient-record platform — up for sale on BreachForums, exposing identities, contact details and sensitive medical data.

Victim
Mediboard
records
758.9K

On 19 November 2024, Mediboard — the patient-record platform (DPI) published by Softway Medical and used by French private-healthcare group Aléo Santé — became the conduit for a major health-data leak. A threat actor using the handle "nears" (formerly "near2tlg") listed the records of 758,912 patients for sale on the BreachForums underground forum, and advertised broader access to the Mediboard environments of multiple French facilities.

The breach did not stem from a flaw in the Mediboard software. According to Softway Medical, a privileged account within the client's own infrastructure was compromised, and the attacker used the application's standard, legitimate functions to extract patient data — making this a credential-driven data breach rather than a software vulnerability or misconfiguration.

Exposed data categories included:

  • First and last name, date of birth and (where applicable) date of death
  • Gender
  • Postal address, phone number and email
  • Attending physician
  • Medical prescriptions and care/treatment history
  • Internal patient/external identifiers

The seller offered the dataset to a small number of buyers, with no purchase publicly confirmed at the time of reporting. The affected facilities were attributed to a single healthcare entity (Aléo Santé), and both Softway Medical and the hosting partner stated the leaked records were not held on their own infrastructure. Under the GDPR the incident triggered breach-notification obligations toward the French regulator (CNIL) and affected individuals.

Sources

  1. clubic.comhttps://www.clubic.com/actualite-544139-fichiers-et-dossiers-patients-sensibles-francais-en-fuite-sur-le-dark-web-que-se-passe-t-il.html
  2. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/
  3. securityaffairs.comhttps://securityaffairs.com/171238/data-breach/sale-750000-patients-french-hospital.html
  4. hospitalia.frhttps://www.hospitalia.fr/Fuite-de-donnees-%C2%A0Mediboard-n-est-pas-en-cause%C2%A0_a4319.html

Related incidents

Data breachContained

Leak at Almerys, Viamedis

In early February 2024, French third-party health-payment operators Viamedis and Almerys disclosed breaches exposing data on about 33 million people — names, dates of birth, social security numbers and health-insurer details — in one of France's largest ever data breaches.

Victim
Almerys, Viamedis
Records
33.0M