The Commission Nationale Informatique et Libertés (CNIL), France’s data protection authority, this week disclosed a cyber-attack on Viamedis and Almerys, two health insurance companies.
This incident, now referred to as the French Health Insurance Data Breach, affected over 33 million people, nearly half the country’s population.
The Data at Risk
The breach exposed a range of personal data, including:
- Marital status
- Dates of birth
- Social security numbers
- Specific details related to individuals’ insurance policies
This exposed information puts people at a higher risk of identity theft and fraud, as threat actors can use these details to carry out targeted phishing attacks or financial fraud, even without access to medical histories.
Who’s Affected?
Nearly half of France’s population is at risk due to this breach. Both policyholders and their families should be on high alert, as the leaked information directly impacts their personal and financial security. It’s important to note that no Australians have been affected by this breach unless they have direct links to the impacted French insurance businesses.
How Could This Happen?
GDPR mandates strict data security for all companies in the EU, including Australian ones dealing with EU residents’ information. France’s data watchdog, CNIL, is investigating whether Viamedis and Almerys failed to protect data as GDPR requires, potentially by using weak encryption or outdated systems.
The Growing Threat to Insurance Companies
As we move into 2024, insurance companies are facing increased attention from hackers. These firms store vast amounts of personal and financial data, making them attractive targets for cyber-attacks.
Here’s a closer look at the situation:
- Large Data Repositories: These hold social security numbers, personal health details, and financial information, which makes them appealing for identity theft and phishing.
- Potential for Public Distress: Disrupting insurance services can have widespread effects beyond financial damage.
Key Challenges
- Complex Systems: Insurance companies’ databases integrate vast amounts of sensitive information, making them complex and harder to secure.
- Legacy Systems: Many use outdated systems, which are less secure than modern technologies, increasing vulnerability.
Looking Ahead
- The focus on insurance firms by cybercriminals is expected to grow in 2024.
- Implementing stronger encryption, updating cybersecurity measures, and conducting cyber risk audits are essential for defence.