Around 15.8 million administrative files were stolen after attackers breached a software supplier to France’s health ministry.
The supplier, Cegedim Santé, confirmed the data was compromised in late 2025. Approximately 165,000 of these files contained notes penned by doctors, which in “very limited cases” contained sensitive information about an individual’s medical history.
According to broadcaster France 24, which first reported the news, these medical histories included, in some cases, details of conditions such as HIV/AIDS and individuals’ sexual orientations. Top politicians were reportedly among the individuals whose info was extracted.
The attack targeted Cegedim’s MonLogicielMedical (MLM) software, which it claims is used by 3,800 doctors across France, 1,500 of whom were affected.
MLM allows patients to check their health records electronically, communicate with their physician, and offers doctors a range of administrative features.
Cegedim confirmed that all the stolen information was contained in patients’ administrative files. In addition to doctors’ notes accessed “in free text,” the files also included information such as full names, genders, dates of birth, telephone numbers, home addresses, and email addresses.
“Cegedim is particularly committed to data sovereignty and security, and deeply regrets this situation,” the vendor said [PDF].
“The company is fully aware of the inconvenience that this incident may cause. Cegedim reaffirms its total commitment to the fight against cybercrime and data protection, which are major societal issues. Cegedim also reiterates that it is cooperating with the relevant authorities in the ongoing investigation.”
The Register contacted the health ministry for more information but it did not respond.
News of the attack comes just weeks after a separate data security incident, also concerning the French government, came to light.
The country’s finance ministry confirmed on February 18 that in January, attackers accessed its national bank account file, which contains the details of all bank accounts in France.
Attackers stole details pertaining to around 1.2 million accounts, including account numbers, account holders’ addresses, and tax identification numbers.
Affected individuals were notified directly and warned to be vigilant for potential phishing attempts.
The government said that whoever was behind the attack impersonated a civil servant “with access rights for inter-ministerial information exchange,” and accessed a portion of the file. ®