Cerballiance: Major French lab chain hit by cyberattack; patients warned their personal and medical data may be exposed

Cerballiance Data Breach Exposes Patient Information Across France

A major cybersecurity incident at Cerballiance, one of France’s largest medical testing networks, has compromised sensitive patient data, including personal identifiers, encrypted passwords, and in some cases, lab results and national ID numbers. The company, which serves 28 million patients annually across 600+ locations in France and its overseas territories, confirmed unauthorized access to patient records.

What Data Was Exposed?

The breach may have exposed:

  • Personal details (names, contact information)
  • Login credentials (emails and encrypted passwords)
  • Medical test results (in some cases)
  • French national ID numbers (equivalent to U.S. Social Security numbers), increasing risks of identity theft and phishing.

How Are Patients Notified?

Cerballiance is contacting affected individuals via email or text, though the messages may resemble phishing attempts. Patients who do not receive a notification are likely unaffected. To verify a message, individuals should use the official channels (phone: 0800 95 27 27; email: info-rgpd@cerballiance.fr). Recommended precautions:

  • Password security: Affected users should change passwords, particularly for their email accounts, as compromised credentials could enable further attacks.
  • Phishing threats: Scammers may use leaked details to craft personalized phishing messages, such as fake refund notices or lab report alerts. Users should avoid clicking links and verify requests through official sources.
  • Two-factor authentication (2FA): Enabling 2FA adds an extra layer of security against unauthorized access.

Cerballiance reported the breach to France’s CNIL (the national data protection authority) and filed a complaint with law enforcement. Under GDPR, the company could face fines of up to €20 million ($22 million) or 4% of global revenue if found negligent. The incident also highlights vulnerabilities in third-party hosting providers, a growing concern in healthcare data security.

The breach underscores the ongoing risks of targeted phishing and the need for heightened vigilance in verifying communications related to medical data.

Source: https://www.europe-infos.fr/english/8374/major-french-lab-chain-hit-by-cyberattack-patients-warned-their-personal-and-medical-data-may-be-exposed/

Cerballiance cybersecurity rating report: https://www.rankiteo.com/company/cerballiance

"id": "CER1774621668",
"linkid": "cerballiance",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Unknown (patients notified via '
                                              'email/text)',
                        'industry': 'Healthcare',
                        'location': 'France and overseas territories',
                        'name': 'Cerballiance',
                        'size': '600+ locations, 28 million patients annually',
                        'type': 'Medical Testing Network'}],
 'customer_advisories': 'Patients notified via email/text; advised to verify '
                        'communications through official channels (phone: 0800 '
                        '95 27 27, email: info-rgpd@cerballiance.fr)',
 'data_breach': {'data_encryption': 'Encrypted passwords',
                 'personally_identifiable_information': 'Names, contact '
                                                        'information, French '
                                                        'national ID numbers',
                 'sensitivity_of_data': 'High (PII, medical data, national ID '
                                        'numbers)',
                 'type_of_data_compromised': 'Personal identifiers, encrypted '
                                             'passwords, medical test results, '
                                             'national ID numbers'},
 'description': 'A major cybersecurity incident at Cerballiance, one of '
                'France’s largest medical testing networks, has compromised '
                'sensitive patient data, including personal identifiers, '
                'encrypted passwords, and in some cases, lab results and '
                'national ID numbers. The company serves 28 million patients '
                'annually across 600+ locations in France and its overseas '
                'territories.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Personal details (names, contact '
                                'information), login credentials (emails and '
                                'encrypted passwords), medical test results '
                                '(in some cases), French national ID numbers',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential GDPR fines up to €20 million or 4% '
                                 'of global revenue'},
 'lessons_learned': 'Highlights risks of targeted phishing, vulnerabilities in '
                    'third-party hosting providers, and need for heightened '
                    'vigilance in verifying medical data communications',
 'post_incident_analysis': {'root_causes': 'Vulnerabilities in third-party '
                                           'hosting providers'},
 'recommendations': 'Change passwords (especially email accounts), enable 2FA, '
                    'avoid clicking links in suspicious messages, verify '
                    'requests through official channels',
 'references': [{'source': 'Cerballiance Official Channels'}],
 'regulatory_compliance': {'fines_imposed': 'Potential (up to €20 million or '
                                            '4% of global revenue)',
                           'legal_actions': 'Complaint filed with law '
                                            'enforcement',
                           'regulations_violated': 'GDPR',
                           'regulatory_notifications': 'Reported to France’s '
                                                       'CNIL'},
 'response': {'communication_strategy': 'Email and text notifications to '
                                        'affected patients, official '
                                        'verification channels (phone/email)',
              'law_enforcement_notified': 'Yes (complaint filed)',
              'remediation_measures': 'Notifying affected patients, '
                                      'recommending password changes and 2FA'},
 'title': 'Cerballiance Data Breach Exposes Patient Information Across France',
 'type': 'Data Breach'}