cegedim.com data breach

cegedim.com

What Happened

In late 2025, Cegedim Santé, a French healthcare software provider (part of cegedim.com), suffered a major data breach. Attackers exploited compromised OWA credentials, VPN gateways, and Zendesk accounts to illegally access and exfiltrate 15.8 million administrative records from its MonLogicielMedical (MLM) software, used by 3,800 doctors across France, with 1,500 affected. The exposed data included sensitive PII such as full names, genders, dates of birth, physical addresses, phone numbers, and email addresses for patients of these practices, plus free-text doctor’s notes containing highly sensitive clinical metadata (e.g., HIV/AIDS diagnoses, sexual orientation, chronic conditions) for approximately 165,000-169,000 patients. The incident was detected via abnormal application queries at year’s end, contained promptly, and reported to France’s CNIL and prosecutors (with a complaint filed in October 2025). Cegedim publicly confirmed it on February 26, 2026, after media reports. Threat actors marketed the data on dark web forums following a failed extortion attempt. The breach affected even top politicians but spared structured medical records like prescriptions. It follows a prior €800,000 CNIL fine in September 2024 for unauthorized health data processing.

Compromised Assets

  • email
  • full name
  • phone
