Have a million Health Insurance accounts really been hacked?

Not so fast! The credentials of 1 million accounts on ameli.fr, the Health Insurance website, are reportedly for sale. This information, reported on the Zataz website (which sells a data-leak monitoring service), has been repeated as-is by several media outlets, notably the trade press and TF1. The problem? Its veracity cannot be verified.

The only certain element of the case: an individual, « best known in digital malware circles » according to Zataz, has put up for sale a database that, according to him, contains 1 million username/password pairs for the ameli.fr site. In other words, enough to log in to the Ameli accounts of one million policyholders. According to the criminal, this data is « maintain and private », that is, never seen before, which would justify the price of the file: 6,000 dollars (about 5,705 euros).

Any other conclusion about the case is speculation, for the simple reason that no media outlet has bought the database (which would in any case be illegal), and therefore no one knows its contents. The database could match the perpetrator's promises, or it could just as well contain unrelated data, which is common among cybercriminals.

No problems detected for Health Insurance

Contacted by La Tribune, the Health Insurance explains that it is aware of this sale offer but has not detected any anomalies in its computer systems, which would be abnormal if the leak were real. « The data leak mentioned by the article published by the Zataz site does not correspond to any attack detected by the Health Insurance within its information systems. No theft of data allowing access to policyholders' Ameli accounts has been detected by our systems, which monitor connections to our teleservices to spot abnormal behavior. We are therefore not in a position to confirm the accuracy of the information reported, which does not correspond to a finding made in our tools, or to reports from our policyholders. », it wrote.

Translation: the Health Insurance is indicating that it believes there was no leak, but it cannot risk asserting this until the contents of the file sold by the cybercriminal have been verified. Even though cybersecurity tools can detect unusual behavior, as the near-simultaneous use of a million login credentials by criminals likely would be, there is a margin for error. And as long as the Health Insurance cannot check the claimed database of credentials, there remains a possibility that the criminal's claims are true.

Faced with these threats, the organization already has several measures in place to reduce the risks. For example, it has set up the sending of an email, at each login to the Ameli account, to the email address linked to the account. Thus, if a policyholder receives a login email when they have not logged in, they can immediately change their password and report a possible identity theft to the Health Insurance. For its part, the organization will continue to look for unusual behavior. « We monitor and provide new actions to monitor the uses of the whole set of teleservices, to adapt continuously to cyber modes of operation. », it wrote.

Phishing waves

If the database matches what the wrongdoer claims, the Caisse nationale d’assurance maladie (Cnam) would need to determine its origin. The institution is currently setting aside the hypothesis of a successful cyberattack, which is why Zataz and other media outlets are raising the possibility that the data was harvested through phishing. These fraudulent messages use a pretext, for example a fake reimbursement from the Health Insurance, to extract data from the least cautious people.

These phishing campaigns return at regular intervals, and the Health Insurance tells La Tribune that « Phishing attempts have multiplied in recent times, with malicious people seeking to obtain login credentials and passwords directly from policyholders ». But concluding that the alleged data in the file on sale for $6,000 comes from a phishing operation is, for the time being, no more than speculation. More generally, nothing currently makes it possible to confirm the criminal's claims.

However, like any organization, the National Health Insurance Fund (Cnam) is not immune to cybersecurity incidents. In March, it had made public, as provided for in the General Data Protection Regulation (GDPR), the hacking « of at least 19 Amelipro accounts » belonging to health personnel. The perpetrators had taken advantage of their access to siphon off several types of data belonging to 510,000 insured persons: surname, first name, date of birth, sex, social security number, doctor’s statement, grant of complementary solidarity health coverage or state medical aid, and any 100% coverage. The Cnam had reported the incident to the French data protection watchdog, the Cnil, as required by law, and it had also filed a criminal complaint. No trace of a possible sale of this data has been made public to date.