Leak at Mediboard
On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Aléo Santé — extracted via a compromised privileged account on the Mediboard patient-record platform — up for sale on BreachForums, exposing identities, contact details and sensitive medical data.
- Victim
- Mediboard
- records
- 758.9K
On 19 November 2024, Mediboard — the patient-record platform (DPI) published by Softway Medical and used by French private-healthcare group Aléo Santé — became the conduit for a major health-data leak. A threat actor using the handle "nears" (formerly "near2tlg") listed the records of 758,912 patients for sale on the BreachForums underground forum, and advertised broader access to the Mediboard environments of multiple French facilities.
The breach did not stem from a flaw in the Mediboard software. According to Softway Medical, a privileged account within the client's own infrastructure was compromised, and the attacker used the application's standard, legitimate functions to extract patient data — making this a credential-driven data breach rather than a software vulnerability or misconfiguration.
Exposed data categories included:
- First and last name, date of birth and (where applicable) date of death
- Gender
- Postal address, phone number and email
- Attending physician
- Medical prescriptions and care/treatment history
- Internal patient/external identifiers
The seller offered the dataset to a small number of buyers, with no purchase publicly confirmed at the time of reporting. The affected facilities were attributed to a single healthcare entity (Aléo Santé), and both Softway Medical and the hosting partner stated the leaked records were not held on their own infrastructure. Under the GDPR the incident triggered breach-notification obligations toward the French regulator (CNIL) and affected individuals.
Sources
- clubic.comhttps://www.clubic.com/actualite-544139-fichiers-et-dossiers-patients-sensibles-francais-en-fuite-sur-le-dark-web-que-se-passe-t-il.html
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/
- securityaffairs.comhttps://securityaffairs.com/171238/data-breach/sale-750000-patients-french-hospital.html
- hospitalia.frhttps://www.hospitalia.fr/Fuite-de-donnees-%C2%A0Mediboard-n-est-pas-en-cause%C2%A0_a4319.html