![[Mathieu Thomasset / Hans Lucas / Hans Lucas via AFP]](/cdn-cgi/image/onerror=redirect,width=640,height=640,format=webp/https://storage.googleapis.com/uploads.mongoosehq.com/url/media/108422064/3acf9e752776f46cc7f46ad5e7d8ba3987935f360b05faf4f85ef552fed247f8)
![[Pexels]](/cdn-cgi/image/onerror=redirect,width=640,height=640,format=webp/https://storage.googleapis.com/uploads.mongoosehq.com/url/media/108361989/403f65e1534ab98c04946a4abb7204c7b2a73233450d65f12123c2ce2b10d6a6)
Overview
- A late‑2025 intrusion targeting Cegedim Santé’s MLM software compromised accounts of 1,500 doctors and allowed unlawful access to patient records.
- The Health Ministry reports roughly 15 million patients in the leaked dataset, including about 169,000 entries with free‑text doctor notes that may contain sensitive details.
- Cegedim says only administrative fields were exposed and that structured medical records were not accessed, and it has filed a complaint and notified practitioners.
- The Paris prosecutor has opened a judicial inquiry assigned to the cybercrime brigade, while the CNIL says it cannot yet confirm the breach’s full scope and will conduct checks.
- Parts of the dataset are reported to be circulating on dark‑web forums and offered for sale, with hacker claims unverified, as the ministry orders immediate corrective measures from Cegedim.