A cyberattack detected at the end of 2025 has compromised the personal data of patients managed by 1,500 doctors in France, according to the company responsible for the affected software program. The French Ministry of Health estimates that up to 15 million people could be affected by this leak.
The attack affects administrative files
Cegedim Santé, publisher of the MLM software used by 3,800 doctors in the country, reported that the incident was discovered upon detecting anomalous behavior in the application's requests. Following an internal investigation, the company confirmed that personal data of patients from the MLM system were accessed or extracted illegally.
The compromised information comes exclusively from the administrative file of the patients. Among the leaked data are name, surname, sex, date of birth, telephone, and postal address. The Ministry of Health has confirmed that the leak affects administrative data, although in 169,000 cases, approximately 1% of the total, personal notes from doctors with sensitive information are included.
Impact and institutional response
The Ministry of Health has stressed that the number of affected rises to 15 million citizens. Among the leaked data, according to published information, there are references to political leaders of national relevance.
The Minister of Health, Stéphanie Rist, has requested from Cegedim Santé detailed explanations about the causes of the incident, as well as information about the corrective measures adopted and the guarantees to prevent new leaks.
"Following exhaustive investigations, it was verified that personal data of patients from the MLM system were consulted or illegally extracted" - Spokesperson, Cegedim Santé
The investigation into the origin and scope of the cyberattack remains open. Health authorities have asked the company responsible for the software to strengthen security protocols and keep affected professionals informed.