Distrust if you are the recipient of an email from Health Insurance that causes a data leak: Your social security number is probably in the wrong hands. Social Security began last week warning people affected by the hacking of their AmeliPro platform, the existence of which was revealed on March 17.
At the request of RTL, Health Insurance confirms the authenticity of this communication and specifies that the first emails left on Thursday 24 March to the victims. Some patients will be notified by mail starting this week.
In all, nearly 510,000 people affiliated with Health Insurance were affected by the incident, which saw unauthorized individuals linking to AmeliPro accounts stolen from healthcare professionals whose email addresses had been compromised. The consequences can be significant as the compromised data includes number of security social in addition to identity and contact information patients.
Consider that compromised information is in nature
At present, the Health Insurance states this the personal data of 510,000 policyholders were thus revealed. This data contains elements that relate to the identity of persons such as surname, first name, date of birth and gender, but also, more problematically, the social security number.
The attackers also had access to information regarding the rights of the insured, such as statement from attending physician, allocation of supplementary health or state medical care and any 100% coverage. On the other hand, contact information (e-mail, address, telephone) and bank details of patients are not affected, as is information on pathologies and care.
Asked by RTL, Health Insurance said last week “not knowing in the state whether the attackers have just consulted the data or whether they registered them, but the probability is very high that they copied them”. It should therefore be assumed that all information exposed to attackers is certainly in nature.
The most likely risk: being the subject of targeted fraud
The first thing to do is realize the importance of the data being compromised and what it means to you. Identity data and contact data are not necessarily the most sensitive information. They can be easily found on most of the sites you use and they have probably been data leaked in the past.
This incident is a bit more sensitive insofar as the data that the hackers have obtained is authentic as it comes from an official organization and newer. The attackers have, for example, information about the rights of the insured, about their complementary health or their entitlement to state medical care. This information can be used to make highly targeted scams that rely on real facts from the targeted individuals to extract additional data, passwords or money from the victims.
This hacking should therefore force you to be very vigilant in the future against calls of any kind, and especially those concerning your health and your social security rights. If you receive an email, text message, or phone call, be sure to cross-check the information directly with that organization, by calling the official number or by connecting to the official website.
In general, never give out personal information, password, or numeric code in the body of an email, in response to an SMS or phone call without verifying the identity of your interlocutor.
Leaking social security number poses a risk of identity theft
Another pitfall, more problematic if it happens, the loss of the social security number exposes the victims of the data leak to one day become the subject of identity theft. Possessing this information, an identity and a date of birth, cybercriminals can actually forge documents in order to generate new vital cards or take out consumer loans.
The leak of the social security number is all the more problematic as this identification number is assigned for life and provides access to a wide range of online services via the platform FranceConnectwhich centralizes more than 700 civil procedures such as taxes, the child benefit fund or the health insurance site.
The first thing to do is to secure access to your social security account. Connect to your Ameli online site and take the opportunity to verify that there is no abnormal activity and change your password. It is imperative to set a strong and unique password that you do not use elsewhere. To do this, find a combination of uppercase and lowercase letters, numbers, and special characters that have no relation to your identity. If you have never connected to this space, now is the time to create your account and secure it.
Also think about accounts that could be damaged by someone with your social security number, and change passwords if necessary.
More generally, this theft of information requires long-term vigilance on your part. Monitor the movements of your various accounts, pay attention to the correct receipt of invoices and mail in general. If in doubt, you can verify that no account has been opened in your name under your identity by consulting the FICOBA bank account file (via a CNIL record) or by contacting the Banque de France directly.
What funds are possible?
If you believe that you have been the victim of identity theft as a result of this data theft, it is possible to obtain advice on the official CyberMalveillance victim assistance platform and to lodge a complaint with a police station or police station.
Once the authorities have clarified the chain of responsibility behind the leak, victims can sue to request compensation from the data controller, provided that it can detect an error on his part. ONE group action can also be engaged through an association or by seizing a lawyer representing multiple victims.
Given the extent of the leak, the authorities are likely to offer an online complaint form to enable victims to assert their rights in the event of damage suffered in connection with this incident. It is also possible to file a complaint or file a complaint to detect theft of data and protect against possible identity theft. Whatever happens, these procedures promise to be long and complex, and the best response is to maintain a high level of vigilance.
This new massive leak of health data comes six months after the theft from APHP of data from one and a half million people screened for Covid-19 in mid-2020. By early 2021, a health data file relating to well over 500,000 French nationals had already been freely distributed on the Internet following a computer hack by a medical laboratory provider.