Cyber attacks and data breaches in review: September 2021

In September, we noted 97 security incidents comprising 91,127,815 million breached records. A single incident accounted for 61 million of those breached records – the same number compromised in the whole of August.

As ever, you can find the full list of September’s incidents on our UK website. Here, we examine some of the more notable European incidents in greater depth.

1.4 million Parisians’ COVID-19 test data stolen

The Paris public hospital system, AP-HP (Assistance Publique – Hôpitaux de Paris), has revealed that it was hacked in mid-2020 and files relating to 1.4 million people were accessed.

The stolen data related almost exclusively to COVID-19 tests carried out in Île-de-France and included patients’ names, social security numbers, contact details and test results, as well as the names of and contact information for the medical professionals who tested them.

No other health information was affected.

In a statement published on 15 September, AP-HP stated that “the theft could be linked to a recent security flaw in the digital file-sharing tool acquired by AP-HP and hosted on its own technical infrastructure”.

The compromised service is no longer available. SI-DEP, the national contact system, was unaffected by the attack.

According to RFI (Radio France Internationale), hospital officials have filed a complaint with the Paris public prosecutor, and the CNIL – France’s data protection regulator – has been notified.

700,000 French COVID-19 test results exposed

The AP-HP incident is not the only one affecting French healthcare providers. Earlier in September, COVID-19 test results and identifying information for 700,000 people were leaked after a breach in a platform built for pharmacists to interface with the secure SI-DEP system.

The Connexion reports that the Francetest platform “was alerted to the bug in its system by the online investigative journal Mediapart and it was fixed overnight on August 27”.

Mediapart found that “patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results were ‘accessible to all in a few clicks’”.

The security vulnerability was discovered by a patient who tried to access her test results. She realised that “she could access files containing patient information via the URL tree and even create an account without being a pharmacist”.

The General Directorate of Health has since reminded pharmacists about the compatible software that is approved to use with SI-DEP. This does not include Francetest.

Major European call centre incapacitated by ransomware attack

One of Europe’s largest call centre providers, GSS, has suffered a ransomware attack that froze its IT systems, affecting customer service support for numerous companies in Spain and Latin America.

According to The Record, affected services included “Vodafone Spain, the MasMovil ISP, Madrid’s water supply company, television stations, and many private businesses”.

GSS told customers that it had taken down its affected systems and was using Google-based services as an alternative. It said: “None of the applications will be working until the incident is resolved.”

A spokesperson for GSS’s parent company, Covisian, told The Record that “the attack was carried by the Conti gang on Saturday, September 18” but that there was “no evidence of leakage of any personal data”.

According to Crowdstrike, the threat group behind the Conti ransomware is known as ‘WIZARD SPIDER’, and is based in St Petersburg.

Are you prepared for cyber attacks?

If you suffer a cyber security incident, IT Governance is here to help.

Our Cyber Incident Response – Emergency Support service gives you the help you need to deal with the threat. Our experts will guide you through the recovery process, reviewing the breach, mitigating the damage and ensuring that you are up and running again as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.