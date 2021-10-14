While the French still use PCR and antigen tests, since the implementation of the health pass on July 21, this data can arouse the interest of hackers in their resales. However, this risk still remains according to the CNIL. The French gendarme of personal data indeed announced Thursday that it had given notice to the young company Francetest, the site which transmits the results of Covid tests carried out in pharmacies to the government platform “SI-DEP”, for “insufficient security” of the data of health.

While this Friday marks the end of the so-called “comfort” free tests to convince the last recalcitrant to vaccination, it is still 3.9 million tests that were validated between September 13 and 19, according to data from the Directorate of Research, Studies, Evaluation and Statistics (DREES), attached to the Ministry of Health.

The leak of this data therefore concerns millions of individuals. But, following a first recall, “Cnil found that the company had taken certain steps to address the vulnerability that caused the data breach. However, the Francetest service still has several shortcomings in terms of data security “, said the regulator in a press release.

“300 pharmacies concerned”

At the end of August, a security breach had already made accessible the personal data (names, first names, dates of birth, addresses, phone numbers, social security numbers and e-mail address) and the test results of thousands of people.

“Consequently, the president of the CNIL has decided to put the company on notice to take all the necessary measures to guarantee the security of the health data that it processes on behalf of hundreds of pharmacies. The company has a deadline. two months to do what is necessary “, is it added.

“The Francetest company is a subcontractor of hundreds of pharmacies responsible for the operational performance of antigenic tests, the Cnil has sent a letter to more than 300 pharmacies concerned”, she further indicated, so that they check their compliance with the General Data Protection Regulation (GDPR) and the security obligation.

Francetest is a company founded last January which specializes in the transfer of data from Covid tests carried out in pharmacies to the government platform SI-DEP.

A huge database

“Since October 17, antigenic tests have been authorized in the context of individual screening (…) the entry of information into SIDEP for health professionals has only been possible since November 16, and has undergone a phase of rise in load“, explains the Drees website.

In fact, the windfall of this personal data is colossal, like the peak seen last summer. Between July 26 and August 1, 2021, more than 4.1 million RT-PCR and antigen tests had been validated, up from 3.6 million the previous week, according to data from the Ministry of Health. We even know the age profiles: “this increase in the number of tests is concentrated on people aged 65 or younger. In particular, the 26-40 year olds become the age category where the tests are the most numerous “, indicated the ministry which exploits the pseudonymized data of the SI-DEP.





The SI-DEP (screening information system) is a secure platform where the results of Covid-19 tests are systematically recorded in order “to ensure that all positive cases are well taken care of” and to identify cases contacts, explains the Ministry of Health on its site.

Result: many pharmacists use intermediaries to enter the results of the tests carried out in the SI-DEP. Francetest thus charges one euro per transmission, according to the information site Mediapart, which revealed the data breach.

Risks of breaches increase with health controls

While the aggregation of health data increases as health checks become mandatory, the risks of breaches also increase.

At the beginning of September, the public assistance hospitals of Paris (AP-HP) suffered a cyber attack which allowed hackers to steal the Covid tests of 1.4 million Ile-de-France residents with all the personal data that accompanied them.

Finally, if they become chargeable, Covid tests will still be part of the daily life for some households. From Friday, nearly 7 million partially or unvaccinated adults will have to pay between 22 and 44 euros for each screening allowing them to obtain a health pass. In 2021, the cost of tests will soar to 6.2 billion this year, after 2.2 billion in 2020.

