Massive Cyberattack Exposes Data of 15 Million French Patients
In late 2025, a cyberattack on a widely used medical database in France compromised the personal data of up to 15 million patients, including sensitive information on approximately 164,000 individuals. The breach, confirmed by the French Health Ministry, targeted a software system developed by Cegedim Santé, which is used by around 1,500 doctors across the country.
The stolen data includes administrative details such as names, phone numbers, and postal addresses, as well as highly sensitive information like doctors’ notes on patients’ sexual orientation, religious beliefs, infidelity cases, and sexual assault disclosures. While medical records themselves remained intact, the leak has raised serious privacy concerns. Among the affected individuals are politicians, including potential candidates for the 2027 presidential election, and celebrities.
The attack was first detected by Cegedim Santé in late 2025 after identifying unusual activity in doctor accounts. The company reported the incident to France’s data protection authority, the National Civil Liberties Commission (CNIL), in October 2025, and the Paris prosecutor’s office launched an investigation in November 2025. However, the full scale of the breach only became public on February 27, 2026, when Health Minister Stéphanie Rist disclosed the details.
An alleged hacker, speaking to France2, claimed that only a portion of the stolen data had been published on the dark web, though the broadcaster verified that some sensitive information was already accessible. The investigation remains ongoing, with authorities yet to identify the perpetrators.
The incident has sparked outrage among medical professionals, who argue that government pressure to digitize patient records has left them vulnerable. Agnès Giannotti, president of France’s main GP union (MG France), criticized the push for centralized data storage, warning that it undermines patient trust and safety.
This breach is part of a broader surge in cyberattacks targeting French institutions, including recent incidents affecting the national bank account registry. The fallout from the leak continues to unfold as authorities assess the full impact.
Cegedim Santé TPRM report: https://www.rankiteo.com/company/cegedim-sante
French Health Ministry TPRM report: https://www.rankiteo.com/company/french-healthcare-en
"id": "cegfre1772468826",
"linkid": "cegedim-sante, french-healthcare-en",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,500 doctors and 15 million '
'patients',
'industry': 'Healthcare Technology',
'location': 'France',
'name': 'Cegedim Santé',
'type': 'Healthcare Software Provider'}],
'customer_advisories': 'Affected patients notified of data exposure and '
'advised to take precautions against identity theft.',
'data_breach': {'data_exfiltration': 'Partial publication on the dark web',
'number_of_records_exposed': '15 million (164,000 with highly '
'sensitive data)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Administrative details (names, '
'phone numbers, postal '
'addresses)',
'Sensitive medical notes (sexual '
'orientation, religious beliefs, '
'infidelity cases, sexual '
'assault disclosures)']},
'date_detected': '2025-10',
'date_publicly_disclosed': '2026-02-27',
'description': 'A cyberattack on a widely used medical database in France '
'compromised the personal data of up to 15 million patients, '
'including sensitive information on approximately 164,000 '
'individuals. The breach targeted a software system developed '
'by Cegedim Santé, used by around 1,500 doctors across the '
'country. The stolen data includes administrative details and '
'highly sensitive information like doctors’ notes on patients’ '
'sexual orientation, religious beliefs, infidelity cases, and '
'sexual assault disclosures.',
'impact': {'brand_reputation_impact': 'Severe damage to Cegedim Santé and '
'patient trust in digitized medical '
'records',
'data_compromised': 'Personal and sensitive medical data of 15 '
'million patients, including 164,000 with '
'highly sensitive information',
'identity_theft_risk': 'High risk due to exposure of personal and '
'sensitive data',
'legal_liabilities': 'Potential regulatory fines and legal actions',
'operational_impact': 'Undermined patient trust and safety, '
"disrupted medical professionals' workflows",
'systems_affected': 'Cegedim Santé medical database software'},
'initial_access_broker': {'data_sold_on_dark_web': 'Partial data published on '
'the dark web'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Government pressure to digitize patient records may '
'increase vulnerability to cyberattacks. Centralized data '
'storage can undermine patient trust and safety.',
'post_incident_analysis': {'root_causes': 'Potential vulnerabilities in '
'centralized medical database '
'software, lack of robust '
'cybersecurity measures'},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Enhance cybersecurity measures for medical databases, '
'improve incident response protocols, and reassess '
'centralized data storage policies.',
'references': [{'source': 'French Health Ministry'},
{'source': 'France2'},
{'source': 'CNIL (National Civil Liberties Commission)'}],
'regulatory_compliance': {'legal_actions': 'Investigation launched by Paris '
'prosecutor’s office',
'regulations_violated': ['GDPR'],
'regulatory_notifications': 'Reported to CNIL '
'(France’s data '
'protection authority)'},
'response': {'communication_strategy': 'Disclosed to CNIL in October 2025, '
'publicly announced on February 27, '
'2026',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (Paris prosecutor’s office)'},
'stakeholder_advisories': 'Medical professionals advised to monitor for '
'unusual activity in patient accounts. Patients '
'urged to remain vigilant for identity theft risks.',
'title': 'Massive Cyberattack Exposes Data of 15 Million French Patients',
'type': 'Data Breach'}