
Cegedim Data Breach: Millions of French Patients Affected

by Emily Johnson - News Editor

Paris, France – A significant data breach affecting millions of French citizens has been traced back to a cyberattack on Cegedim, a company specializing in software for medical professionals. The incident, which came to light on February 26, 2026, has raised concerns about the security of sensitive patient information and the potential for misuse.

According to reports, the compromised data originated from Mon Logiciel Médical (MLM), a software program used by approximately 3,800 doctors in France. Cegedim identified “abnormal behavior” on the software late in 2025 and subsequently determined that personal data of patients had been illegally accessed or extracted. The company stated it has secured access, filed a complaint, and reported the data leak to the Commission nationale de l’informatique et des libertés (CNIL).

While the bulk of the stolen data is administrative – including patient names, phone numbers, and email addresses – the breach also included some highly personal information in a limited number of cases. This included details about patients’ sexual orientation, family members’ incarceration, and HIV status, which were reportedly entered as personal notes by physicians. Cegedim clarified that such sensitive annotations were limited to a “very small number of patients.”

An initial analysis of the stolen data revealed information on nearly 300,000 patients, with only a small portion containing medical or private details. The incident underscores the vulnerability of healthcare data and the importance of robust cybersecurity measures.

The cyberattack was initially claimed by a hacker known as Ezx on the Breach Forums website, who advertised the data for sale. Subsequently, a group identifying as DumpSec, known for its pro-Russian affiliations, asserted responsibility for the massive data extraction, claiming they had stolen the database from Ezx. The attackers reportedly gained access to the system using a doctor’s credentials, then employed a technique called “scraping” to automatically extract the data.

Cegedim has confirmed that approximately 1,500 doctors using the MLM software were affected by the breach. Estimates suggest that as many as 15 million French citizens may have had their data compromised. The Paris prosecutor’s office has opened a judicial inquiry, assigning the case to the cybercrime unit.

The incident highlights the risks associated with storing sensitive patient information digitally and the potential for breaches even with security protocols in place. According to journaldunet.com, the case also raises questions about the security of “comment” or “notes” fields within medical software, which appear to have been a pathway for the leak of particularly sensitive personal data.
