The AP-HP emailed the patients whose data was stolen – information that was shared on social media, to confirm that it was not a phishing attempt.
In general, you should always pay attention to the emails you receive, in order to avoid scams or phishing attempts. When we know that there has been a major data breach recently, and that some of our data could be compromised, we must still be extra vigilant. And this is what the hospitals of Paris have just asked their patients.
In an email sent to the victims of the data theft, the AP-HP apologizes to the recipients, and recommends to them ” the greatest vigilance, in particular with regard to fraud or phishing attempts that could occur in the coming weeks “. On Twitter, the Paris hospitals also specified that the email is signed ” Martin Hirsch, Managing Director of AP-HP “, Which it has for object” Information about your data “, And that its transmitter is” GDPR AP-HP “.
The AP-HP confirms having written as of today, in particular by e-mail, to inform those concerned by a data theft following a computer attack.
– AP-HP (@APHP) September 17, 2021
1.4 million covid test results leaked
This email campaign was sent because AP-HP announced on September 15 that it had suffered a major data breach. During the summer, hackers managed to steal ” files containing personal data ”For 1.4 million covid tests. The data collected by hackers is numerous and sensitive. For each stolen test, the thugs have access to:
- the identity of the patient tested,
- his social security number,
- their contact details (a term that can designate the home address, email address and telephone number),
- the identity and contact details of the healthcare professional who performed the test,
- the type of test performed,
- and the result of the test (which is considered “sensitive data” by law).
The hackers targeted a ” secure file sharing service hosted and used by the AP-HP, which enables it to provide secure storage and sharing of files, internally and externally “, Also indicated the services of the Parisian hospitals.
If the AP-HP took the trouble to confirm that its services had indeed sent these emails, it is no coincidence. It is indeed not uncommon for cybercriminals who have stolen data to then pass themselves off as the service or site they hacked, in order to recover other data. The phishing attempts masquerading as Parisian hospitals have thus perhaps already been sent, hence the importance of confirming that this is a real preventive campaign, and not an attempt to large-scale phishing.
If you are concerned about the data leak, or if you receive an email from an address that closely resembles the AP-HP’s, you should be even more careful than usual – it may be -being of a phishing attempt.