Leak at Pulsy
Patient data managed by Pulsy, the regional e-health operator (GRADeS) for France's Grand Est region, was reported leaked on 13 May 2025, exposing identity details, contacts and sensitive health information including care pathways and hospitalisation records.
- Victim
- Pulsy
On 13 May 2025, Pulsy — the Groupement Régional d'Appui au Développement de la e-santé (GRADeS) that operates digital health services for France's Grand Est region — was reported as the source of a leak of patient data. Pulsy runs shared regional platforms used by hospitals, care providers and professionals across the region, making any compromise of its systems a sensitive health-data exposure.
The leaked dataset reportedly combined civil-identity and contact information with sensitive medical data, including details of patients' care pathways and the dates and locations of their hospitalisations.
Exposed data categories reportedly included:
- Last name, first name and gender
- Date and place (commune) of birth
- Postal address, phone number and email
- Medical data and care-pathway information
- Dates and locations of hospitalisations
The precise scale of the incident (number of affected patients) and the attack vector have not been confirmed by an authoritative public source, and Pulsy's formal response and the current status of the incident remain unclear. This record is grounded in the originally imported breach summary; details should be treated as provisional pending confirmation from the operator, the regional health authority (ARS Grand Est) or the CNIL.
Sources
- bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Pulsy-2025-05-13