A data leak on the amelipro portal allowed hackers to recover information on 510,000 policyholders. The Health Insurance will inform the persons concerned individually.
In a press release published on its site on March 17, Health Insurance indicates that the data of 510,000 policyholders have been compromised. In view of the vocabulary used, it would seem that it is not the Ameli site which is directly at the origin of this fault. L’Assurance Maladie indicates that the email addresses of 19 healthcare professionals have been compromised, which allowed hackers to access the amelipro platform. This is where they were able to recover sensitive data, even if no bank details were stolen.
Ameli: a hack that is not a hack
Can we really say that Ameli’s site was hacked? We contacted the Health Insurance which confirmed some elements already present in its press release. The object of the event is not a hack but a “connection of unauthorized persons to amelipro accounts”. If the outcome is the same, the cause is reassuring and seems to indicate that our data is not in danger on the Health Insurance site, which is probably well secured. The hackers didn’t need to bypass Ameli’s security, they got this data through human error.
What could have happened? L’Assurance Maladie indicates that 19 medical organizations have been targeted by hackers. By taking control of their mailboxes (probably by asking them for their passwords using phishing), they were able to connect to the portal reserved for healthcare professionals, the one on which patients are listed (probably by checking ” Forgot your password “). Then, thanks to robots, they probably carried out “crawling” and “scraping”, that is, automated data collection.
This is probably how the Health Insurance realized the problem: the robots downloaded in a short space of time a very large number of pages to copy and paste as much information as possible. In the end, the hackers obtained an address book that the Health Insurance estimates at 510,000 insured.
What data is concerned?
Health Insurance indicates that its “Infopatient” service has been targeted. The hackers got the identity data (surname, first name, date of birth, sex) of 510,000 people, their social security numbers as well as data relating to rights (attending doctor, allocation of complementary health insurance or medical aid from State…). She promises that no contact (address, phone number) or banking information has been obtained. We don’t yet know what they want to do with it.
Even if nothing has been said for the moment, one can imagine that the 19 organizations concerned are very large health establishments. We do not really see how 19 independent doctors could, together, reach the 510,000 insured.
What’s going to happen ?
Pending completion of its investigation, Health Insurance has indicated that it is filing a complaint and blocking the IP addresses of the perpetrators of the attack. In the coming days, she will call on health professionals to strengthen the security of their accounts (we hope by strengthening double authentication) and will contact the victims of this operation, to whom she will tell what they are really at risk. By then, the number of 510,000 people could be reassessed.