Cyber Incident Victim: Viamedis
Date:
Feb 2024
Location:
France
Summary
A healthcare payment processor suffered a cyberattack after a healthcare professional's account was compromised via a phishing email, exposing personal data of approximately 20 million insured individuals through 84 affiliated insurers. The breach compromised names, birthdates, social security numbers, insurer details, and coverage information. Attackers could exploit this data for targeted phishing campaigns or identity theft to obtain additional sensitive information like banking details. A separate payment operator, Almerys, was also breached under similar circumstances, amplifying risks for millions more policyholders. Such incidents highlight escalating threats against healthcare intermediaries, driven by the high resale value of immutable identifiers like social security numbers and the expansion of digital health services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2024, Viamedis, a French third-party payment administrator for 84 health insurers covering 20 million policyholders, suffered a cyberattack that forced its professional-facing website offline. The attack originated from a phishing email targeting a healthcare provider, who clicked a fraudulent link, enabling unauthorized access to Viamedis’s systems. By February 5, the website remained inaccessible, displaying a message stating all teams were mobilized to restore services with maximum security. Concurrently, another third-party payment operator, Almerys, confirmed a separate cyberattack potentially impacting millions more policyholders. Viamedis disclosed that compromised data included policyholders’ civil status, birthdates, Social Security numbers, insurer names, and payment guarantee details—information sufficient for identity theft or financial fraud. The company issued a public statement acknowledging the breach but did not specify technical containment measures beyond the website takedown.
The incident exposed policyholders to heightened phishing risks, as attackers could leverage stolen data to impersonate health organizations or banks and solicit additional sensitive information like banking details. Luména Duluc of the French cybersecurity association Clusif emphasized this threat, noting Social Security numbers’ immutable nature increased their black-market value, incentivizing targeted attacks against healthcare intermediaries. Pharmacist Thierry Renaudin corroborated rising suspicious email volumes, linking the trend to expanded telemedicine and digital prescriptions. While Viamedis’s direct clients were health insurers, the breach ultimately endangered end-user policyholders across partnered entities like Carte Blanche Partenaires, Itelis, Kalixia, and Santéclair. No ransomware claims or financial extortion attempts were reported, but the dual attacks on Viamedis and Almerys underscored systemic vulnerabilities in France’s healthcare payment infrastructure.