The CNIL gives notice to the Francetest company, a subcontractor for many French pharmacies. Data from nearly 400,000 people who have tested for antigen has leaked online.
The Cnil, French gendarme of personal data, announced Thursday that it had given notice to the young company Francetest, a site transmitting the results of Covid tests carried out in pharmacies to the government platform, for “insufficient security” of health data.
This decision follows the revelation at the end of August of a security breach that made personal data (surnames, first names, dates of birth, addresses, telephone numbers, social security numbers and e-mail address) and the results of tests of more than 380,000 people, for a total of 700,000 results.
“The Cnil noted that the company had taken certain measures to remedy the vulnerability at the origin of the data breach. However, the Francetest service still has several data security deficiencies,” said the regulator. in a press release.
Hundreds of pharmacies involved
“Consequently, the president of the CNIL has decided to put the company on notice to take all the necessary measures to guarantee the security of the health data that it processes on behalf of hundreds of pharmacies. The company has a deadline. two months to do what is necessary, ”he added.
Francetest is a company founded last January which specializes in the transfer of data from Covid tests carried out in pharmacies to the government platform SI-DEP.
The SI-DEP (screening information system) is a secure platform where the results of Covid-19 tests are systematically recorded in order “to ensure that all positive cases are well taken care of” and to identify cases contacts, explains the Ministry of Health on its site.
Result: many pharmacists use intermediaries to enter the results of the tests carried out in the SI-DEP. Francetest thus charges one euro per transmission, according to the information site Mediapart, which revealed the data breach.
“The Francetest company is a subcontractor of hundreds of pharmacies responsible for the operational performance of antigenic tests, the Cnil has sent a letter to more than 300 pharmacies concerned”, she further indicated, so that they check their compliance. the General Data Protection Regulation (GDPR) and the security obligation.
This case is not the only major data leak related to Covid tests. In September, the AP-HP revealed that it had stolen the information of some 1.4 million people tested in 2020. Here again, the identity of the patients but also their social security number and their contact details have disappeared from the list. nature.