Cyber Incident Victim: Les Laboratoires Français Cerballiance
Date: Feb 2025
Location: France
Summary
Cerballiance laboratories in the PACA region experienced a cyberattack that gave unauthorized access to a server holding patients’ administrative data. The compromised information includes names, dates of birth, postal addresses, telephone numbers, email addresses, and social security numbers together with regime, caisse and centre codes, end‑of‑rights dates and mutual insurer details, while medical records were reported as unaffected. The company notified the national cybersecurity agency, the data protection authority, the digital health agency and the regional health authority, stating it had identified and neutralized the breach source and launched an investigation to determine the exact scope. Affected individuals were informed directly and a dedicated telephone line and email address were made available for further inquiries.
Description
On March 21, 2025, Cerballiance laboratories Provence‑Azur and Alpes Durance announced via email that they had been victims of a cyberattack. The breach involved unauthorized access to a server containing administrative patient data. Exposed information included civil status details such as name, first name, and date of birth, as well as postal addresses, telephone numbers, and email addresses. Additionally, attackers obtained social security‑related data, namely the NIR (social security number) together with regime, caisse, and centre codes, end‑of‑rights dates, and the names of patients’ mutuelles. Cerballiance stated that medical data were not affected by the incident.

Following detection, Cerballiance reported the breach to the French national cybersecurity agency ANSSI, the data protection authority CNIL, the Agence du Numérique en Santé, and the Agence Régionale de Santé of the PACA region. The company said it had quickly identified and neutralized the source of the vulnerability and had strengthened its internal security protocols. An investigation was launched to determine the precise scope of the data leak and to identify all affected individuals. Patients concerned were notified directly by electronic mail. A dedicated toll‑free telephone number (0800 95 27 27) was made available, operating weekdays from 10 h to 12 h and from 14 h to 16 h, and an email address was provided for further inquiries.

The incident was described in the article as a new security failure in the healthcare sector that should heighten concerns about the protection of sensitive information in medical settings. The breach exposed administrative identifiers and social security data. Cerballiance indicated that it would continue to cooperate with the authorities and monitor the situation as the investigation proceeds. The company affirmed its commitment to improving safeguards to prevent similar events in the future.
