ISPs are ordered to block a site hosting the health data of 500,000 French people

The CNIL announces that it has asked the Paris court to order French operators to block access to a site hosting the hacked health data of nearly 500,000 people.

The case of the very important health data leak, which concerns nearly 500,000 French patients, is experiencing a new legal twist. In a press release dated March 4, the National Commission for Informatics and Freedoms (CNIL) announced that it had appealed to the Paris judicial court to obtain the blocking of a website that hosts the medical data that was found. in nature.

Blocking of a host giving access to a pirated file

We also learn that the Paris judicial court followed up on the CNIL’s request, which is on the front line in this case, given the nature of the data that was exposed and its sensitivity. The Paris court thus ordered the main internet service providers to block access to the disputed, unnamed site in order to limit its visibility, at least in France.

The administrative authority does not specify which operators are forced to implement technical means to prevent their subscribers from visiting the site, but AFP indicates that these are the four biggest: Orange, SFR, Bouygues Telecom and Free. This lets associative ISPs slip through the cracks, for example, but the fact is that these four operators constitute the bulk of the market.

Still according to the press agency, which was also able to consult the court judgment, it appears that the CNIL noted that the file containing the health data of the 500,000 patients was offered for download via a free hosting service from files. A download link was offered on a discussion forum, in theory allowing anyone to retrieve it.

Recommended
Google Play Store : The launch of the Play Pass subscription is imminent

However, it appears that the blocking directly targeted the service itself and not just the precise link leading to said file, because this last option would not have made it possible to target it effectively. According to the judgment, the duration of the blocking of the site will not exceed 18 months. According to our findings, however, the blocking is not yet operational, at least at one of the four ISPs concerned.

The host in question, it is specified, uses the top-level domain reserved for the island of Guernsey (“.gg”). It is also indicated that this service uses it only for some time, its domain having been registered in July 2020. In addition, it is indicated that it uses the services of the American company Cloudflare, to optimize its presence in line, but that the latter did not respond to requests from the CNIL.

In this case, the CNIL had not been warned upstream of the incident. It was through the press that the protection authority discovered the case. Since then, its services have been mobilized to carry out checks, in order to check whether the laboratories complied with the legal requirements for the protection of health data and, if applicable, whether technical measures have since been taken to secure them.

At this stage, three control operations have been carried out. In addition, information to people is being issued, so that victims know what happened and what behavior should be adopted to protect themselves. Other investigations are underway, as is a judicial inquiry. The CNIL adds that it reserves the right to request other measures, in connection with the Paris prosecutor’s office and the ANSSI.

Recommended
Our first impressions of Gears 5

Related Articles

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker. Thanks.