Skip to content
Supply chainContained

Leak at MSP Givors Presqu'Île (via Weda)

Patient data held by the Givors Presqu'Île multidisciplinary health centre was exposed through the November 2025 cyberattack on its medical-software provider Weda, including identity, contact details and sensitive health data.

Victim
MSP Givors Presqu'Île

On 27 November 2025, MSP Givors Presqu'Île — a multidisciplinary health centre (maison de santé pluriprofessionnelle) in Givors, near Lyon — was identified among the structures affected by a data leak stemming from a cyberattack on Weda, the French electronic-health-record provider it uses to manage patient files.

The breach did not originate at the health centre itself. On the night of 10 November 2025, Weda detected abnormal activity on several user accounts. Investigators attributed the intrusion to compromised practitioner credentials, stolen via malware installed on healthcare workers' workstations. The attackers may have been able to extract patient data, though Weda did not formally confirm the full scope of any exfiltration. The incident affected roughly 23,000 of Weda's healthcare professionals nationwide, including those at MSP Givors Presqu'Île.

Data potentially exposed for the centre's patients includes:

  • First and last name
  • Postal address
  • Email address
  • Phone number
  • Health data (medical records, diagnoses, treatments and results)

As a precaution, Weda cut off access to its platform for several days while it investigated, and notified France's CNIL and ANSSI and filed a criminal complaint. As the data controllers, affected health centres such as MSP Givors Presqu'Île were in turn required to assess the risk and inform their patients. No ransom demand or criminal group's claim was publicly reported at the time, and the extent of any published data for this specific centre remains unconfirmed.

Sources

  1. silicon.frhttps://www.silicon.fr/cybersecurite-1371/comment-une-cyberattaque-a-paralyse-23-000-professionnels-de-sante-224548
  2. lemagit.frhttps://www.lemagit.fr/actualites/366634311/Sante-lediteur-du-logiciel-medical-Weda-coupe-ses-services-par-precaution
  3. houdart.orghttps://www.houdart.org/cyberattaque-weda-quelles-actions-rgpd-pour-les-msp/
  4. syndicat-smg.frhttps://syndicat-smg.fr/cyberattaque-de-weda-et-fuites-de-donnees-medicales-la-mise-en-ligne-des

Related incidents

Supply chainContained

Leak at Clinique du Millénaire (via Weda)

Clinique du Millénaire in Montpellier was exposed when its medical-records software vendor Weda was breached in November 2025, putting patient identity, contact details and health data at risk among the millions of records handled across Weda's ~23,000 affected practitioners.

Victim
Clinique du Millénaire
Supply chainContained

Leak at APRS (via Itelis)

APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

Victim
APRS