Massive Health Data Breach Exposes Sensitive Medical Records of Millions of French Patients
A major cyberattack targeting MonLogicielMedical (MLM), medical software developed by Cegedim Santé and used by nearly 3,800 French physicians, has exposed highly sensitive patient data. The breach, detected in late 2025, compromised the records of an estimated 11 to 15 million individuals, with 1,500 doctors directly affected.
The leaked database, discovered on the dark web, includes standard personal details such as names, birthdates, contact information, and addresses. However, the most alarming exposure lies in an unstructured "administrative comments" field, where physicians freely recorded deeply private information: HIV status, sexual orientation, histories of violence (including rape), and even family medical backgrounds. Investigations by France 2 and ethical hacker Clément Domingo (SaxX) confirmed the authenticity of the data, with affected individuals verifying its accuracy.
The cybercriminal group dumpsec claimed responsibility, asserting that it had stolen over 65 million records, though Cegedim disputed the figure, insisting only a subset of data was accessed. The company reported the incident to France’s data protection authority (CNIL) and filed a criminal complaint, while also assisting impacted doctors in notifying patients. Despite these measures, concerns persist over the lack of prior alerts: France 2 revealed that a whistleblower had previously flagged vulnerabilities to Cegedim, but received no response.
The breach underscores critical gaps in securing unstructured medical data, where free-text fields become unintended repositories for highly confidential information. With no evidence that structured patient records were compromised, the fallout remains centered on the unregulated handling of sensitive notes now circulating beyond the control of medical professionals. The incident has reignited debates over digital health security and the protection of intimate patient details in an era of escalating cyber threats.
Cegedim Santé cybersecurity rating report: https://www.rankiteo.com/company/cegedim-sante
"id": "CEG1772187887",
"linkid": "cegedim-sante",
"type": "Breach",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '11 to 15 million individuals, '
                                              '3,800 physicians',
                        'industry': 'Healthcare',
                        'location': 'France',
                        'name': 'Cegedim Santé',
                        'type': 'Company'}],
 'customer_advisories': 'Patients notified via their physicians',
 'data_breach': {'data_exfiltration': 'Yes (leaked on dark web)',
                 'number_of_records_exposed': '65 million (claimed by threat '
                                              'actor), 11-15 million '
                                              '(confirmed by company)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal details (names, '
                                              'birthdates, contact '
                                              'information, addresses)',
                                              'Unstructured administrative '
                                              'comments (HIV status, sexual '
                                              'orientation, histories of '
                                              'violence, family medical '
                                              'backgrounds)']},
 'date_detected': '2025-12-31',
 'description': 'A major cyberattack targeting *MonLogicielMedical* (MLM), a '
                'medical software developed by Cegedim Santé and used by '
                'nearly 3,800 French physicians, has exposed highly sensitive '
                'patient data. The breach compromised the records of an '
                'estimated 11 to 15 million individuals, with 1,500 doctors '
                'directly affected. The leaked database includes personal '
                'details and deeply private information such as HIV status, '
                'sexual orientation, histories of violence, and family medical '
                'backgrounds.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Sensitive medical records, including HIV '
                                'status, sexual orientation, histories of '
                                'violence, and family medical backgrounds',
            'identity_theft_risk': 'High',
            'systems_affected': 'MonLogicielMedical (MLM) software'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Critical gaps in securing unstructured medical data, '
                    'where free-text fields become unintended repositories for '
                    'highly confidential information. Need for better '
                    'vulnerability reporting and response mechanisms.',
 'post_incident_analysis': {'corrective_actions': 'Assisting doctors in '
                                                  'notifying patients, filing '
                                                  'criminal complaints, and '
                                                  'reporting to CNIL',
                            'root_causes': 'Unsecured unstructured data '
                                           'fields, lack of response to prior '
                                           'vulnerability reports'},
 'recommendations': 'Improve security for unstructured data fields, enhance '
                    'vulnerability reporting processes, and ensure timely '
                    'alerts for potential breaches.',
 'references': [{'source': 'France 2'}, {'source': 'Clément Domingo (SaxX)'}],
 'regulatory_compliance': {'legal_actions': 'Criminal complaint filed',
                           'regulations_violated': ['GDPR'],
                           'regulatory_notifications': 'Reported to CNIL'},
 'response': {'communication_strategy': 'Reported to CNIL, public disclosure '
                                        'via media',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (criminal complaint filed)',
              'remediation_measures': 'Assisting impacted doctors in notifying '
                                      'patients'},
 'threat_actor': 'dumpsec',
 'title': 'Massive Health Data Breach Exposes Sensitive Medical Records of '
          'Millions of French Patients',
 'type': 'Data Breach'}