Cyber Incident Victim: Almerys
Date: Feb 2024
Location: France
Summary
A cyberattack targeted French third-party payment operators Viamedis and Almerys, compromising sensitive policyholder data including civil status, birthdates, social security numbers, insurer details, and payment guarantees. The breach originated from a phishing attack against a healthcare professional linked to Viamedis, which gave the attackers unauthorized access to systems handling data for 20 million individuals through 84 health insurers; the Almerys incident affected additional millions. The exposed information creates significant phishing risks, as attackers could impersonate health organizations or financial institutions to harvest banking details or other personal data. The incident underscores escalating threats against healthcare intermediaries, particularly with increased digital service adoption, where stolen social security numbers hold high value due to their permanence and utility in fraud.
Description
On February 1, 2024, Viamedis, a French third-party payment administrator serving 84 health insurers and approximately 20 million policyholders, suffered a cyberattack that forced its website offline. The breach originated from a successful phishing attack on a healthcare professional’s account: the victim clicked a link in a fraudulent email. The compromised account allowed attackers to exfiltrate policyholder data including full names, dates of birth, social security numbers, health insurer names, and payment guarantee details. Viamedis issued a public statement confirming the data exposure and kept its website offline for four days while working to restore services with enhanced security measures. On February 5, 2024, French insurance publication L'Argus de l'assurance reported a separate cyberattack against Almerys, another major third-party payment operator, potentially exposing millions more policyholders’ data. Both incidents disrupted healthcare payment processing systems relied upon by pharmacies and medical providers for claims management.

The compromised data created significant risks for affected individuals, particularly targeted phishing campaigns impersonating health organizations or financial institutions to harvest banking details or other sensitive information. Attackers could leverage immutable identifiers like social security numbers—which cannot be changed—to increase the credibility of fraudulent communications. Healthcare professionals reported increased volumes of suspicious emails following the breaches, indicating early stages of attacker reconnaissance or exploitation. The Clusif (Club de la sécurité de l'information français) highlighted the operational irony that a phishing attack caused the Viamedis breach while warning that similar tactics would likely target exposed policyholders. No ransomware claims or direct financial extortion attempts were disclosed in initial reports. Sector analysts noted the incidents exemplified rising cyber targeting of healthcare intermediaries due to the high resale value of medical identity data on illicit markets.
