Skip to content
Supply chainOngoing

Leak at MSP du Pré Vicinal (via Weda)

MSP du Pré Vicinal, a French multidisciplinary health centre, had patient data exposed via the November 2025 cyberattack on its medical-software provider Weda, including names, postal and email addresses, phone numbers and health data.

Victim
MSP du Pré Vicinal

On 25 November 2025, MSP du Pré Vicinal — a French maison de santé pluridisciplinaire (multidisciplinary primary-care health centre) — was identified among the practices whose patient records were exposed through the cyberattack on Weda, the online medical-records software it relies on. The breach is a supply-chain incident: the health centre did not host the data itself, but its patient files were managed in Weda's platform.

Weda detected unusual activity on user accounts on the night of 10 November 2025 and shut down its platform as a precaution to stop any further data extraction. Investigators attributed the intrusion to compromised practitioner credentials — login details stolen by infostealer malware on healthcare workers' devices — rather than a direct breach of Weda's infrastructure. The outage left thousands of MSPs without access to patient records for several days. The attack affected roughly 23,000 healthcare professionals using Weda nationwide.

For MSP du Pré Vicinal's patients, the exposed data categories include:

  • First and last name
  • Postal address
  • Email address
  • Phone number
  • Health data (medical records held in the practice software)

Weda confirmed that a partial extraction of data may have occurred but, at the time of reporting, had not formally established the full scope of the theft. The company notified the French data-protection authority (CNIL) and cybersecurity agency (ANSSI) and filed a criminal complaint. The investigation and remediation remained ongoing.

Sources

  1. lemagit.frhttps://www.lemagit.fr/actualites/366634311/Sante-lediteur-du-logiciel-medical-Weda-coupe-ses-services-par-precaution
  2. caducee.nethttps://www.caducee.net/actualite-medicale/16693/cyberattaque-weda-23-000-soignants-concernes.html
  3. syndicat-smg.frhttps://syndicat-smg.fr/cyberattaque-de-weda-et-fuites-de-donnees-medicales-la-mise-en-ligne-des

Related incidents

Supply chainContained

Leak at Clinique du Millénaire (via Weda)

Clinique du Millénaire in Montpellier was exposed when its medical-records software vendor Weda was breached in November 2025, putting patient identity, contact details and health data at risk among the millions of records handled across Weda's ~23,000 affected practitioners.

Victim
Clinique du Millénaire
Supply chainContained

Leak at APRS (via Itelis)

APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

Victim
APRS