Viamedis, a French third-party insurance payment provider for roughly 84 healthcare providers and 20 million insured individuals, has reportedly confirmed it suffered a cyberattack that exposed the data of various stakeholders. 

As per Viamedis' LinkedIn post, as reported by Bleeping Computer, the cyberattack exposed customers' social security numbers, date of birth, marital status, health insurance company name, as well as data open to third-party payment providers, but the organization has made it clear that no one's bank account information, postal address, phone number, or email address was stored on the compromised systems.

(Photo : ROB ENGELAAR/ANP/AFP via Getty Images)
Sweden has grappled with disruptions in their online services following a ransomware attack attributed to a Russian hacker group.

Reports indicate that Viamedis disclosed the data breach on February 2, before the post; however, customers clients already notified of the breach via email on February 1 by one of Viamedis'.

Although Viamedis has not disclosed the exact number of people who were impacted, it is known that it oversees payments for 84 healthcare groups that provide coverage to 20 million covered people.

Read Also: Clorox Discloses September 2023 Cyberattack Cost $49 Million in Total Expenses 

Viamedis' Measures

A probe is reportedly being conducted to ascertain the extent of the hack, according to the company's general director, Christophe Candé. Candé also states that the data breach was not a ransomware attack. Instead, they point to an employee's account being phished as the reason.

Viamedis' website remains down, but customers of the French healthcare firm maintained that all of its staff have been deployed to ensure that the website, which is meant for healthcare professionals, can be reopened as soon as possible under the strictest safety standards, even if it is still unavailable.

As for the millions of insured individuals, Candé notes that recipients can use their third-party payment card and vital card as usual, even while the portal is unavailable.

The National Agency for Information Systems Security (ANSSI) and the National Commission for Information Technology and Liberties (CNIL) have also been informed of the breach by the company. 

Cyberattacks Against Healthcare Providers

As for the potential impact, threat actors responsible for the hack could reportedly sell the data on unofficial sites or utilize it to carry out different social engineering strategies to mislead affected policyholders.

Millions of recipients could also be tricked by a phishing email or call requesting that they confirm personal information and give passwords, credit card numbers, or bank account information.

Furthermore, a variety of nasty individuals might utilize the data repeatedly. Affected customers are now encouraged to be on the lookout for suspicious activity, check their accounts, and never reply to unsolicited requests for information.

Studies suggest that the healthcare sector is particularly vulnerable to cyberattacks due to the dynamic and constantly evolving nature of a patient's medical care and the volume of clinicians, facilities, and transactions required to connect patient care across multiple settings.

Bleeping Computer adds that according to French local media, Viamedis was not the only organization targeted by the malware. It has been reported that "Almerys," a business that processes payments for healthcare institutions, was also a target. 

Related Article: Hackers Are Increasingly Targeting Healthcare Providers