ACCORDING to AFP, France’s health ministry said on Friday that administrative details and medical notes for more than 15 million people were hacked, with the incident dating to late 2025 and affecting information from about 1,500 medical practices that used software made by Cegedim Sante.
The breach largely exposed patients’ names, phone numbers and postal addresses, though 169,000 patients also had doctors’ notes that “some of which may be sensitive data”; the ministry stressed that no prescriptions or results of biological examinations were involved. Cegedim Sante has filed a criminal complaint over the hack in October 2025, and the company’s software is used by around 25,000 medical practices and 500 health centres.
The incident follows a separate warning that 1.2 million French bank accounts were hacked using an official’s credentials. Notably, in September 2024 CNIL fined Cegedim Sante 800,000 euros for processing health data without authorisation in violation of the GDPR.