The French health ministry has confirmed that around 15 million people in France were affected by a massive medical data breach following a cyberattack discovered at the end of 2025, according to AFP.
The breach targeted 1,500 doctors using software developed by Cegedim Santé. The company's MLM software is used by around 3,800 doctors nationwide.
According to the ministry, the leaked information concerns administrative data such as names, surnames, telephone numbers and postal addresses.
For approximately 169,000 patients, or around 1% of cases, the compromised data may also include free-text notes entered by doctors, some of which could contain sensitive information.
Cegedim Santé said the attack was identified after "abnormal application query behaviour" was detected, according to AFP.
Following further investigation, it was concluded that patient data stored within the MLM software system had been illegally accessed or extracted.
The company stated that only administrative records were affected and that structured medical files remain intact. It added that the incident has been contained and that authorities were notified. A complaint has been filed with the public prosecutor.
French broadcaster France 2, which revealed the case, reported that between 11 and 15 million patient records may now be freely accessible online.
According to the channel, data relating to senior political figures could also be included among the leaked files.
The French data protection authority, the CNIL, had not immediately commented.
The Ministry stressed that the breach concerns a private service provider and did not result from a failure of government systems or state infrastructure.
Health Minister Stéphanie Rist has asked Cegedim Santé to clarify the causes of the incident, detail the corrective measures taken and provide guarantees to prevent further leaks, according to AFP.
The ministry reportedly said it is awaiting the outcome of ongoing investigations and will work with authorities to ensure full transparency.
