15 million French medical records exposed in hack

February 28, 2026 / 12:38 AM

Sharjah 24 – AFP: France’s health ministry announced on Friday that administrative details and medical notes of more than 15 million people had been hacked.

Context of recent hacks

The revelation comes just days after officials warned that the details of 1.2 million French bank accounts had been compromised using the credentials of an official.

Scope of the medical data breach

According to France 2 television, top politicians are among those affected, and some of the stolen medical information is now visible online. The data reportedly includes sensitive information such as patients’ sexual orientation or whether they have AIDS.

The hack, carried out in late 2025, involved data from approximately 1,500 medical practices that used software developed by Cegedim Sante. The breach primarily included patients’ names, phone numbers, and postal addresses. For 169,000 patients, however, doctors’ notes were also compromised, some containing sensitive data. The ministry stressed that no prescriptions or biological test results were accessed.

Response from Cegedim Sante

Cegedim Sante filed a criminal complaint over the breach in October 2025 and confirmed that about 1,500 out of 3,800 doctors using its software were affected. The company said it is “supporting its clients and their patients as much as possible” and will “fully cooperate with the authorities.”

The hack reportedly involved 15.8 million administrative files, of which 165,000 contained personal annotations by doctors relating to sensitive information.

Expert warnings

Cybersecurity expert Gerome Billois of Wavestone consultancy warned that this could be the biggest data breach in France’s health sector, with potentially irreparable consequences. “Once health information that says: ‘You have AIDS’ or ‘You have such and such a disease’ is released, you can never go back,” he said.

Previous financial hack

Earlier, on February 18, the French finance ministry reported that a hacker accessed a national bank database and consulted information on 1.2 million accounts using stolen credentials. The compromised data included account numbers, account holder names, and addresses.