What to do if you have received the email from Health Insurance

Be wary if you receive an email from Health Insurance mentioning a data leak: your social security number is probably in the wrong hands. Social Security began last week to warn people affected by the hacking of its AmeliPro platform, the existence of which was revealed on March 17.

Contacted by RTL, Health Insurance confirms the authenticity of this communication and specifies that the first emails were sent to victims on Thursday, March 24. Some patients will be notified by mail starting this week.

In total, nearly 510,000 people affiliated with Health Insurance are affected by the incident, in which unauthorized people connected to AmeliPro accounts stolen from health professionals whose email addresses had been compromised. The consequences can be significant, since the compromised data includes the social security number in addition to the identity and contact information of patients.

Consider that compromised information is in the wild

At this stage, Health Insurance indicates that the personal information of 510,000 policyholders was exposed. This data contains elements relating to the identity of persons, such as surname, first name, date of birth and gender, but also, more problematically, the social security number.

The attackers also had access to information relating to the rights of the insured, such as the declaration of a treating physician, the allocation of complementary health coverage or state medical aid, and possible 100% coverage. On the other hand, contact details (email, address, telephone) and bank details of patients are not affected, nor is information relating to pathologies and care.

Questioned by RTL, Health Insurance said last week “not knowing at this stage if the attackers just consulted the data or if they recorded it, but the probability is very high that they copied it”. It should therefore be assumed that all information exposed to attackers is definitely in the wild.

The most likely risk: being the subject of targeted scams

The first thing to do is to realize the importance of the data that is compromised and what it means for you. Identity data and contact data are not necessarily the most sensitive information. They can be found fairly easily on most sites you use, and they have probably already been leaked in the past.

This incident is a little more sensitive insofar as the data obtained by the hackers is authentic, since it comes from an official organization, and recent. The attackers have information on the rights of the insured, on their complementary health or their eligibility for state medical aid, for example. This information can be used to craft highly targeted scams that rely on real facts from the targeted individuals to extract further data, passwords or money from the victims.

This hack should therefore push you to be very vigilant in the future when faced with solicitations of all kinds, particularly those relating to your health and your Social Security rights. If you receive an email, an SMS or a phone call, be sure to cross-check the information directly with the organization concerned, by calling the official number or by connecting to the official site yourself.

In general, never provide personal information, password or numerical code in the body of an email, in response to an SMS or on the phone without having verified the identity of your interlocutor.

Leaked social security number poses a risk of identity theft

Another pitfall, more problematic if it comes to pass: the loss of the social security number exposes the victims of the data leak to the risk of one day being the subject of identity theft. In possession of this information, an identity and a date of birth, cybercriminals can falsify documents to generate new Vitale cards or take out consumer loans.

The leak of the social security number is all the more problematic since this identification number is assigned for life and gives access to a multitude of online services via the FranceConnect platform, which centralizes more than 700 civil procedures such as taxes, the family allowance fund or the Health Insurance site.

The first thing to do is to secure access to your social security account. Connect to your Ameli online space and take the opportunity to check that there is no abnormal activity and change your password. It is imperative to set a strong and unique password that you do not use anywhere else. To do this, find a combination of upper and lower case letters, numbers and special characters that have no relation to your identity. If you have never connected to this space, now is the time to create your account and secure it.

Also think about accounts that could be compromised by someone with your social security number, and change passwords if necessary.

More broadly, this theft of information requires long-term vigilance on your part. Monitor the movements on your various accounts, and pay attention to the correct receipt of invoices and mail in general. If in doubt, you can check that no account has been opened in your name by consulting the FICOBA bank account file (via a request to the CNIL) or by contacting the Banque de France directly.

What remedies are possible?

If you believe you have been the victim of identity theft as a result of this data theft, it is possible to obtain advice on the official CyberMalveillance victim assistance platform and to file a complaint at a police station.

Once the authorities have clarified the chain of responsibility behind the leak, victims can sue to request compensation from the data controller, provided that they can demonstrate fault on its part. A group action may also be brought through an association or by engaging a lawyer representing several victims.

Given the magnitude of the leak, the authorities are likely to offer an online pre-complaint form to enable victims to assert their rights in the event of damage suffered in connection with this incident. It is also possible to file a complaint to record the theft of data and protect against possible identity theft. Whatever happens, these procedures promise to be long and complex, and the best response is to maintain a high level of vigilance.

This new massive leak of health data comes six months after the theft from the APHP of the data of one and a half million people screened for Covid-19 in mid-2020. At the beginning of 2021, a health data file concerning just over 500,000 French citizens had already been freely distributed on the Internet after a computer breach at a medical laboratory provider.
