Data leak at Weda
On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.
- Victim
- Weda
On 12 November 2025, Weda — a leading French publisher of cloud-based electronic health record (EHR) software used by general practitioners, specialists, midwives and health centres — disclosed a cyberattack against its patient-record platform. Late on 10 November, around 11:30 PM, Weda detected unusual activity on several user accounts indicating unauthorized access, and shut down its services as a precaution to prevent further data exfiltration.
Investigators traced the intrusion to compromised practitioner credentials rather than a breach of Weda's own infrastructure. Threat-intelligence firm Hudson Rock identified more than 55 Weda SaaS accounts whose logins had been harvested by infostealer malware running on users' workstations, allowing attackers to log in as legitimate healthcare professionals. Weda acknowledged that the malicious access "may have enabled partial data extraction," though the full scope of any leak was not formally confirmed at the time of disclosure.
The platform hosts highly sensitive information, and the data potentially at risk included:
- Complete patient medical records and consultation histories
- Examination and test results
- Prescriptions
- Billing data
- Social Security (NIR) and identity information
Weda's platform serves tens of thousands of healthcare professionals (reports cited roughly 20,000–23,000 affected, and up to ~85,000 practitioners on the platform overall), exposing data linked to millions of patients. The outage forced medical practices to revert to paper for nearly a week, with a degraded-mode restart from 14 November. Weda took its services offline pending full security validation, reported the incident to authorities, and engaged external experts to investigate.
Sources
- lemagit.frhttps://www.lemagit.fr/actualites/366634311/Sante-lediteur-du-logiciel-medical-Weda-coupe-ses-services-par-precaution
- caducee.nethttps://www.caducee.net/actualite-medicale/16693/cyberattaque-weda-23-000-soignants-concernes.html
- syndicat-smg.frhttps://syndicat-smg.fr/cyberattaque-de-weda-et-fuites-de-donnees-medicales-la-mise-en-ligne-des
- avecsantena.frhttps://avecsantena.fr/cyberattaque-du-logiciel-weda-que-sest-il-passe-et-comment-reagir-pour-une-msp/