It was the ZATAZ monitoring service that sounded the alarm. According to ZATAZ, more than a million French women and men have had their health insurance accounts hacked, resulting in a data leak on the web. At issue is an operation against the Health Insurance site, Ameli.fr. At the time of writing, this personal data is for sale on the web.
Health Insurance Hack: What Happened?
Despite the importance of the data passing through the Health Insurance site, flaws on the platform have been increasing lately. After private messages and letters, it is now the turn of personal health information to circulate on the web.
An ill-intentioned individual has put up for sale a million usernames and passwords giving access to the accounts of the insured. The seller has not revealed the method used to obtain this information, but two hypotheses are being considered: a 0-day vulnerability or (more probably) a massive phishing campaign.
In the latter case, the victims would have fallen into a trap that has become classic: a fake e-mail asking them to provide their information again, a fake SMS, etc.
Why should the Health Insurance hack not be taken lightly?
If this leak is worrying, it is because it gives access for the first time to extremely sensitive data. The stolen Health Insurance information ranges from the social security number to the postal address and, on the practitioners' side, the bank details needed for reimbursements.
Putting this data up for sale therefore gives other ill-intentioned people a chance to exploit it for personal ends or for fraud: identity theft, embezzlement, theft of personal data.
This is all the more worrying as the hacker behind this leak is asking only $6,000, or about 5,700 euros, for this list of one million accounts.
How do you know if you are affected by the Health Insurance hack?
Since the most probable origin of the hack is a phishing campaign, first check that you have not replied to a suspicious e-mail or text message claiming to come from the Health Insurance.
Whether you made that mistake or not, change all your AMELI account access passwords. Finally, carefully monitor the activity of your AMELI account in the weeks and months to come while waiting for the Health Insurance to strengthen its security.
In the meantime, the home page of the Ameli.fr site displays a red banner inviting you to be vigilant against phishing attempts, with a series of tips to avoid being trapped. A reassuring first step while waiting for better.