Cyber Incident Victim: Hôpital privé de la Loire
Date:
Jun 2025
Location:
France
Summary
Hôpital privé de la Loire in Saint‑Étienne suffered a cyberattack that resulted in the theft of personal data belonging to more than 126 000 patients. The breach, which did not disrupt the clinic’s operations, exposed mainly administrative information such as identity and health insurance details, while medical data were compromised for about forty individuals who will be contacted separately. An email notification was sent to all affected patients, and the Paris prosecutor’s cybercrime unit has opened an investigation assigned to the Office anti‑cybercriminalité. The clinic’s parent group, Ramsay, declined to comment on whether a ransom demand was made.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 26, 2025, attackers gained unauthorized access to the computer network of the Hôpital privé de la Loire located in Saint‑Étienne, and the intrusion remained active until July 1, 2025. The breach was described by the hospital as a massive cyberattack that targeted the facility’s information systems. As a result of the intrusion, personal data belonging to more than 126,000 patients of the clinic were exfiltrated. The compromised data consisted almost exclusively of administrative information, including items such as national identity cards, health insurance (Vitale) cards and related documents. Only a small number of patients had medical records affected; the hospital’s communication officer specified that forty individuals had their medical information compromised. The incident did not interfere with the delivery of care, and the clinic’s clinical operations continued without interruption throughout the period of the attack. Hospital officials confirmed that the attack did not affect the functioning of the facility’s services or its ability to treat patients.
After the breach was identified, the hospital sent an email notification on the following Thursday to all more than 126,000 patients whose data had been accessed. The communication officer stated that the forty patients whose medical data were involved would be contacted individually to provide further information and support. Details of the attack were reported by the regional newspaper Le Progrès, prompting the Paris prosecutor’s office to become involved. The prosecutor’s office announced that its cybercrime section had been seized of the case and that an investigation had been entrusted to the Office anti‑cybercriminality (OFAC) of the judicial police. Officials from the prosecutor’s office noted that this type of hospital‑focused hacking has been increasing in recent months. The private hospital group Ramsay, which presents itself as the leader of European private hospitalization and operates the Hôpital privé de la Loire, declined to state whether a ransom demand had been made during the incident. Thus, the response combined patient notification, targeted follow‑up for the subset with medical data exposure, and judicial investigation.