Massive Data Breach Exposes Personal Information of 15 Million French Citizens
A cyberattack targeting Cegedim Santé’s medical software, MLM (MonLogicielMédical.com), has resulted in the exposure of sensitive data belonging to 15 million French citizens on the dark web. The breach, first reported by France 2 on February 26, occurred in late 2025, though details only emerged this week.
The compromised data includes names, phone numbers, birth dates, email and postal addresses of patients whose information was entered by 1,500 general practitioners roughly 40% of the 3,800 physicians using the software. For 169,000 individuals, the leak extended to highly sensitive details, such as medical conditions, sexual orientation, religious affiliation, and records of physical or sexual violence.
The attack was claimed by an unidentified hacker, though it remains unclear whether they were directly responsible or merely disseminated the stolen files. The French Ministry of Health confirmed the breach but emphasized that the incident did not stem from a failure in state-run systems. While structured medical records such as prescriptions or lab results remained unaffected, the scale of the leak is staggering, averaging 10,000 patients per affected physician.
Cegedim Santé detected the breach in late 2025 after identifying abnormal query activity on physician accounts. The company stated it took immediate containment measures, notified authorities (CNIL, ANSSI, and CERT Santé), and filed a police report. Physicians were contacted in early January to assist with GDPR compliance, including patient notifications.
The incident has drawn sharp criticism from MG France, the general practitioners’ union, which argues that doctors should not bear responsibility for the breach. The union has filed a complaint with the CNIL, demanding clarity on liability and urging stronger safeguards before expanding digital health tools like the Dossier Médical Partagé (DMP).
This breach follows a wave of cyberattacks on French healthcare systems, including previous incidents involving third-party payment operators and the Weda software. Despite government initiatives like Care and Ségur numérique to bolster cybersecurity, the sector remains a prime target, raising concerns about patient trust in digital health services.
Source: https://francais.medscape.com/viewarticle/fuite-massive-données-après-cyberattaque-2026a100068t
Cegedim Santé cybersecurity rating report: https://www.rankiteo.com/company/cegedim-sante
"id": "CEG1772307567",
"linkid": "cegedim-sante",
"type": "Breach",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,500 general practitioners and '
'15 million patients',
'industry': 'Healthcare',
'location': 'France',
'name': 'Cegedim Santé',
'type': 'Healthcare Software Provider'}],
'customer_advisories': 'Physicians contacted for GDPR compliance and patient '
'notifications',
'data_breach': {'data_exfiltration': 'Yes (data exposed on the dark web)',
'number_of_records_exposed': '15 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (sensitive personal and medical '
'data)',
'type_of_data_compromised': ['Names',
'Phone numbers',
'Birth dates',
'Email addresses',
'Postal addresses',
'Medical conditions',
'Sexual orientation',
'Religious affiliation',
'Records of physical or sexual '
'violence']},
'date_detected': '2025-12-01',
'date_publicly_disclosed': '2026-02-26',
'description': 'A cyberattack targeting Cegedim Santé’s medical software, MLM '
'(MonLogicielMédical.com), has resulted in the exposure of '
'sensitive data belonging to 15 million French citizens on the '
'dark web. The breach includes names, phone numbers, birth '
'dates, email and postal addresses, and highly sensitive '
'details such as medical conditions, sexual orientation, '
'religious affiliation, and records of physical or sexual '
'violence for 169,000 individuals.',
'impact': {'brand_reputation_impact': 'Raised concerns about patient trust in '
'digital health services',
'data_compromised': 'Personal and sensitive medical information of '
'15 million individuals',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential GDPR violations',
'operational_impact': 'Abnormal query activity detected on '
'physician accounts',
'systems_affected': 'MLM (MonLogicielMédical.com) medical '
'software'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Abnormal query activity on '
'physician accounts'},
'recommendations': 'Stronger safeguards for digital health tools and clarity '
'on liability for breaches',
'references': [{'source': 'France 2'}],
'regulatory_compliance': {'legal_actions': 'Complaint filed with CNIL by MG '
'France',
'regulations_violated': ['GDPR'],
'regulatory_notifications': 'CNIL, ANSSI, and CERT '
'Santé notified'},
'response': {'communication_strategy': 'Physicians contacted in early January '
'for GDPR compliance and patient '
'notifications',
'containment_measures': 'Immediate containment measures taken',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (police report filed)'},
'stakeholder_advisories': 'French Ministry of Health emphasized the breach '
'did not stem from state-run systems',
'threat_actor': 'Unidentified hacker',
'title': 'Massive Data Breach Exposes Personal Information of 15 Million '
'French Citizens',
'type': 'Data Breach'}