Saint-Ouen-L'Aumône, July 5th 2021
Dear Madam, Dear Sir,
We would like to inform you that our Laboratory has been the victim of a data theft following a failure of one of our service providers, in charge of hosting one of our databases.
This database containing patients' information was momentarily exposed on the Internet. The investigations we immediately conducted enabled us to conclude that unauthorised persons accessed this database and that a certain volume of data, including patients' personal data, had been exfiltrated. To date, these data have not, to our knowledge, been used.
The safeguard of our patients' data being our core priority, as soon as this incident was identified:
Finally, we informed the competent supervisory authorities (i.e. the French Data Protection Authority (CNIL) and the Regional Health Authority) of this incident and filed a complaint to the police services.
The following categories of personal data might be impacted:
The database did not contain any information relating to social security numbers (NIR), bank details or postal, electronic or telephone contact details.
Our recommendations
Despite the absence of any use of these data to date, we recommend that you lookout for any unusual canvassing which could look like an attempted fraud.
If you have any questions, please send us an e-mail to rpd.cerba@lab-cerba.com or a letter to RPD - CERBA - 7-11 Rue de l'Équerre, 95310 Saint-Ouen-l'Aumône.