Cyberattack in France compromises data of 15 million medical patients

AFP- A cyberattack against 1,500 doctors in France at the end of 2025 leaked personal data of patients, the company responsible for the software announced Friday, while the health ministry estimates the number of potentially affected people at 15 million.

According to Cegedim Santé, publisher of the MLM software used by 3,800 physicians in France, 1,500 of them were victims of a cyberattack detected in late 2025 when "abnormal behavior in the application's requests" was identified.

"After thorough investigations, it was found that personal patient data from the MLM system were illegally consulted or extracted," the company said in a statement, without specifying the exact number of people affected.

The compromised data came "exclusively" from patients' administrative records (name, last name, sex, date of birth, telephone number, etc.), although "a very limited number" of people are at risk of having "personal annotations of the doctor with sensitive information" released, AFP explained.

The French Ministry of Health confirmed that administrative data such as "name, last name, telephone number and/or postal address" were leaked, and that 15 million French people are affected.

For 169,000 patients, this data includes notes by doctors, which represents about 1% of cases, the ministry specified during a press conference following the report by public broadcaster France 2.

According to France 2, the leaked data included information on important political leaders.

Health Minister Stéphanie Rist asked Cegedim Santé to explain the causes of the incident, the "corrective measures" taken and the "guarantees" offered to prevent further data leaks.