Cegedim Santé Breach Exposes 15.8 Million French Healthcare Records Including HIV Status

15.8 Million French Patient Records Stolen in Healthcare Software Breach

Cegedim Santé, a major French healthcare software vendor, confirmed that attackers exfiltrated approximately 15.8 million administrative medical files after compromising its MonLogicielMedical (MLM) platform — software used by 3,800 doctors across France. The breach included highly sensitive medical information such as HIV/AIDS diagnoses and sexual orientation data.

Attribute	Value
Victim	Cegedim Santé (healthcare software vendor)
Records Exposed	15.8 million administrative files
Doctors Affected	1,500 of 3,800 using the MLM platform
Sensitive Records	165,000 files containing doctor's clinical notes
Data Types	Names, gender, DOB, phone, address, email, medical history
Detection	Late 2025 (abnormal application requests)
Notification	January 2026
Notable Victims	French politicians identified among the exposed

What Was Exposed

The breach compromised Cegedim's MonLogicielMedical (MLM) software through abnormal application requests on doctors' accounts. The stolen data includes:

Personal identifiers — full names, gender, dates of birth, phone numbers, residential addresses, and email IDs
Administrative records — 15.8 million files covering patient registration and appointment data
Clinical notes — approximately 165,000 files containing doctors' handwritten notes, which in some cases included:
- HIV/AIDS status
- Sexual orientation
- Mental health diagnoses
- Substance use details

High-Profile Victims

French media reported that top politicians were among the individuals whose information was extracted, adding a political dimension to what is already France's largest healthcare data breach.

Timeline of Events

Late 2025 — Cegedim Santé detects abnormal application requests on doctor accounts
January 2026 — All affected doctors and patients notified
February-March 2026 — Investigation reveals full scope: 15.8 million records across 1,500 doctor practices
March 2026 — Additional security measures implemented; CNIL investigation ongoing

Impact Area	Description
Patient Privacy	15.8 million records exposed, including children
Medical Confidentiality	HIV status and sexual orientation data leaked
Political Risk	Politician medical records among the exposed
Regulatory	GDPR Article 9 (special categories) violation investigation
Healthcare Trust	Erodes patient confidence in digital health records
Identity Fraud	Full PII available for social engineering attacks

Recommendations

For Affected Patients

Monitor for phishing attempts referencing your doctor or medical practice
Request a copy of your data from your healthcare provider under GDPR rights
Be alert for insurance fraud or identity theft using medical information
Contact CNIL if you believe your sensitive medical data was exposed

For Healthcare Organizations

Implement anomaly detection on application-level requests to patient data
Encrypt sensitive clinical notes at rest with per-record keys
Segment administrative and clinical data with different access controls
Conduct regular third-party security audits of SaaS healthcare platforms

Key Takeaways

15.8 million records make this France's largest healthcare breach — affecting roughly one in four French citizens
HIV/AIDS status and sexual orientation were among the most sensitive data exposed, creating risks of discrimination
165,000 clinical notes with detailed medical histories were stolen — far beyond basic PII
Politicians are among the identified victims, adding national security dimensions
The breach went undetected for months before abnormal API requests triggered investigation
Healthcare SaaS vendors remain high-value targets — a single platform compromise exposed data from 1,500 medical practices

Sources

15.8 Million French Patient Records Stolen in Healthcare Software Breach

Attribute	Value
Victim	Cegedim Santé (healthcare software vendor)
Records Exposed	15.8 million administrative files
Doctors Affected	1,500 of 3,800 using the MLM platform
Sensitive Records	165,000 files containing doctor's clinical notes
Data Types	Names, gender, DOB, phone, address, email, medical history
Detection	Late 2025 (abnormal application requests)
Notification	January 2026
Notable Victims	French politicians identified among the exposed

What Was Exposed

The breach compromised Cegedim's MonLogicielMedical (MLM) software through abnormal application requests on doctors' accounts. The stolen data includes:

Personal identifiers — full names, gender, dates of birth, phone numbers, residential addresses, and email IDs
Administrative records — 15.8 million files covering patient registration and appointment data
Clinical notes — approximately 165,000 files containing doctors' handwritten notes, which in some cases included:
- HIV/AIDS status
- Sexual orientation
- Mental health diagnoses
- Substance use details

High-Profile Victims

French media reported that top politicians were among the individuals whose information was extracted, adding a political dimension to what is already France's largest healthcare data breach.

Timeline of Events

Late 2025 — Cegedim Santé detects abnormal application requests on doctor accounts
January 2026 — All affected doctors and patients notified
February-March 2026 — Investigation reveals full scope: 15.8 million records across 1,500 doctor practices
March 2026 — Additional security measures implemented; CNIL investigation ongoing

Impact Area	Description
Patient Privacy	15.8 million records exposed, including children
Medical Confidentiality	HIV status and sexual orientation data leaked
Political Risk	Politician medical records among the exposed
Regulatory	GDPR Article 9 (special categories) violation investigation
Healthcare Trust	Erodes patient confidence in digital health records
Identity Fraud	Full PII available for social engineering attacks

Recommendations

For Affected Patients

Monitor for phishing attempts referencing your doctor or medical practice
Request a copy of your data from your healthcare provider under GDPR rights
Be alert for insurance fraud or identity theft using medical information
Contact CNIL if you believe your sensitive medical data was exposed

For Healthcare Organizations

Implement anomaly detection on application-level requests to patient data
Encrypt sensitive clinical notes at rest with per-record keys
Segment administrative and clinical data with different access controls
Conduct regular third-party security audits of SaaS healthcare platforms

Key Takeaways

15.8 million records make this France's largest healthcare breach — affecting roughly one in four French citizens
HIV/AIDS status and sexual orientation were among the most sensitive data exposed, creating risks of discrimination
165,000 clinical notes with detailed medical histories were stolen — far beyond basic PII
Politicians are among the identified victims, adding national security dimensions
The breach went undetected for months before abnormal API requests triggered investigation
Healthcare SaaS vendors remain high-value targets — a single platform compromise exposed data from 1,500 medical practices

Cegedim Santé Breach Exposes 15.8 Million French Healthcare Records Including HIV Status

15.8 Million French Patient Records Stolen in Healthcare Software Breach

What Was Exposed

High-Profile Victims

Timeline of Events

Recommendations

For Affected Patients

For Healthcare Organizations

Key Takeaways

Sources

3.1 Million Impacted by QualDerm Partners Data Breach

Two US Cybersecurity Professionals Plead Guilty to BlackCat Ransomware Attacks

Navia Data Breach Impacts 2.7 Million People

Cegedim Santé Breach Exposes 15.8 Million French Healthcare Records Including HIV Status

15.8 Million French Patient Records Stolen in Healthcare Software Breach

What Was Exposed

High-Profile Victims

Timeline of Events

Recommendations

For Affected Patients

For Healthcare Organizations

Key Takeaways

Sources

3.1 Million Impacted by QualDerm Partners Data Breach

Two US Cybersecurity Professionals Plead Guilty to BlackCat Ransomware Attacks

Navia Data Breach Impacts 2.7 Million People