Leak at monlogicielmedical.com
Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santé, disclosed to affected doctors in early January 2026, exposing patient administrative records — name, date of birth, address, social-security scheme — for up to 11–15 million patients via compromised doctor accounts.
- Victim
- monlogicielmedical.com
On 12 January 2026, MonLogicielMedical.com (MLM) — a medical practice-management application published by Cegedim Santé and used by roughly 3,800 French physicians — was confirmed as the source of one of the largest health-data breaches ever documented in France. Cegedim detected abnormal application-query activity on doctor user accounts in late 2025; affected practitioners were notified in early January 2026 so they could in turn inform their patients.
The compromise reached patient records through legitimate-looking requests made against doctor accounts on the MLM platform — a third-party software provider being abused to exfiltrate downstream patient data. Roughly 1,500 of the 3,800 doctors using MLM were affected, and investigators estimate that between 11 and 15 million patients' records were exposed. Part of the data has since been offered for sale on the dark web.
Exposed data, per Cegedim, came from the patient's administrative file:
- First and last name, sex, date of birth
- Postal address, phone number, email
- Social-security scheme / status
- Free-text administrative comments and last-visit information
For an estimated 169,000 patients, those free-text fields contained intimate medical annotations (e.g. HIV status, sexual orientation, addictions, trauma), substantially raising the sensitivity of the leak.
Cegedim says it filed a criminal complaint and notified France's data-protection authority, the CNIL. The incident remained active and under public scrutiny through early 2026, with concerns over the roughly four-month delay before patients were broadly informed potentially raising GDPR Article 34 issues.
Sources
- caducee.nethttps://www.caducee.net/actualite-medicale/16821/incident-mlm-chez-cegedim-anatomie-d-une-fuite-de-donnees-estimee-a-11-15-millions-de-dossiers-patients.html
- france-assos-sante.orghttps://france-assos-sante.org/actualite/des-millions-de-patients-concernes-apres-le-piratage-du-logiciel-medical-cegedim-liberte-egalite-fuite-de-donnees/
- journaldugeek.comhttps://www.journaldugeek.com/2026/03/06/nouvelle-fuite-de-donnees-medicales-15-millions-de-francais-exposes-et-un-scandale-en-perspective/