A threat actor has allegedly posted a database containing the sensitive information of more than 103,000 patients from Hôpital Privé de la Miotte for sale on a dark web forum. The hospital is part of the Vivalto Santé group, one of the largest private hospital providers in France, highlighting the significance of the potential breach. The compromised data, if authentic, could expose a large number of individuals to various cyber threats, including identity theft, phishing scams, and other fraudulent activities.
The post, made on a notorious hacking forum, claims to be selling the entire patient database in a single transaction. The seller provided samples of the data to prove the legitimacy of their claims. The exposure of such detailed personal and medical-adjacent information is a severe privacy violation and poses a significant risk to the affected patients. This incident underscores the ongoing trend of cybercriminals targeting the healthcare sector, which holds highly valuable and sensitive data.
The compromised database allegedly includes a wide range of personally identifiable information (PII). The types of leaked data listed by the threat actor include:
- First Name
- Last Name
- Birthdate
- Phone Number
- Email Address
- Physical Address
- City
- Zipcode
- Data creation and update timestamps