The CNIL gives notice to Francetest after the leak of health data on Covid-19 screening tests

    The National Commission for Informatics and Freedoms (CNIL) announced Thursday, October 14, that it had given formal notice to the private company Francetest to secure the health data it collects on behalf of pharmacies during health tests. Covid-19 screening.

    A computer flaw, making accessible some 700,000 results of antigenic tests carried out in pharmacies, was revealed on Tuesday, August 31 by the information site Mediapart. Francetest assured the next day to have “Required assistance from cybersecurity experts”. The company, specializing in the transfer of data from coronavirus screening tests to the government platform SI-Dep (for screening information system), had specified that server security assessment operations would be carried out. with these experts.

    Read also Francetest will call on experts after the flaw making antigenic test results visible

    Two months to do what is necessary

    After carrying out checks, the CNIL declared that the exposed database concerned “386,970 unique people and included their last name, first name, e-mail address, telephone number, date of birth, test result (positive or negative) and Social Security number”.

    While Francetest has taken certain measures to remedy the vulnerability that caused the data breach, the service “Still has several data security shortcomings (…). Health data is hosted by a service provider that does not have HDS approval [hébergement de données de santé], the authentication processes are not robust enough, the cryptological methods used are weak and the logging [enregistrement des actions des personnes accédant à l’outil] of server activities is incomplete ”, explained the CNIL. “The company has two months to do what is necessary”, she added.

    Many pharmacists use intermediaries to enter the results of tests carried out in the SI-Dep. Francetest thus invoices 1 euro per transmission, according to the information site Mediapart. Since the Francetest company is a subcontractor of hundreds of pharmacies responsible for the operational performance of antigenic tests, the CNIL sent a letter to “More than 300 pharmacies to check their compliance with the GDPR [règlement général sur la protection des données] and the safety obligation ”.

    Read also Health pass: the CNIL stresses the need to control “alternative” verification systems

    The world

    Latest articles


    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here