Play all audios:
PERSONAL DETAILS OF PATIENTS WERE STOLEN IN A CYBERATTACK BUT MEDICAL RECORDS WERE REPORTEDLY UNTOUCHED A reader has contacted us after receiving an email from a medical laboratory in France
alerting them that their data had been stolen in a cyberattack. We can confirm the email was genuine and a cyberattack did take place against Cerballiance, a company running over 700
medical laboratories, in March 2025. Cyberattackers stole the personal information of thousands of laboratory patients, including their email address, name, and date of birth after
momentarily gaining access to a private server. The laboratory has since been contacting impacted users (if you have not been contacted, your details were very likely not taken). Many
victims were from the south-east of France, although the incident could have impacted anyone who had used one of the laboratories and signed into the website to access test results. Despite
the log-in codes of some users also being stolen, Cerbaillance says that no medical information, such as Social Security information or health records, was compromised. Users have been
asked to change the password they use to access their personal space on the Cerbaillance website, and to be aware of potential scammers trying to contact them. Fraudsters often try to gain
potential victims’ confidence by citing the information they have as if they are a genuine contact. The incident was referred onto the relevant national authorities, including the CNIL
(Commission nationale de l'informatique et des libertés) and Agence nationale de la sécurité des systèmes d’information (ANSSI). Readers concerned they have been impacted can call a
dedicated helpline for free (0 800 95 27 27), or email the laboratory at [email protected]. For additional advice, check out our article on how to protect yourself following a
cyberattack.