Following the hacking suffered by Viamedis and Almerys, the damage seems limited for most professions linked to the medical sector. But it is different for opticians, who can no longer request support, even though the purchase of glasses represents a significant cost for their customers.
Viamedis first, then Almerys. In quick succession, these two third-party payment management platforms, which serve as intermediaries between health professionals (doctors, pharmacists, opticians, etc.) and complementary services, were victims of a cyberattack. In total, more than 33 million French people find themselves exposed to the theft of their data, according to National Commission for Information Technology and Liberties (Cnil).
Fortunately, this leak would not involve sensitive banking or medical information, nor postal details or telephone numbers. On the other hand, the hackers were able to seize data such as marital status, social security number, the name of the mutual insurance company and the guarantees of the contract taken out.
Pharmacists little affected
As for healthcare professionals, not everyone faces the same difficulties. For pharmacists, for example, they remain relatively circumscribed.
“We have suffered a suspension of payments via Viamedis” (for the part covered by complementary health insurance, editor’s note), specifies Valérian Ponsinet, president of a commission on digital systems within the Federation of Pharmaceutical Unions of France ( FSPF).
“But we were able to continue generating care sheets and billing customers,” he adds.
Payment delays are also “being gradually caught up”, assures Valérian Ponsinet, while since Wednesday the third-party payment service has been operational again for pharmacists.
The story is not the same among opticians. “Viamedis has not communicated to us any date for the restoration of their service. We learned through the press that they had been hacked,” laments Hugues Verdier-Davioud, president of the National Federation of Opticians of France (FNOF).
Opticians find themselves in a delicate situation, as the amounts involved in purchasing glasses are generally substantial.
“Concretely, we are no longer able to offer third-party payment to customers who come to the store to have glasses made,” explains Hugues Verdier-Davioud.
A service failure that he deplores in a context of inflation, where households are particularly careful with their spending. Consequently, customers who cannot advance the costs are invited to postpone their purchase of glasses, even though the part covered by the mutual is sometimes significant.
“For the optician, there are also consequences in terms of cash flow. He is awaiting liquidation of files”, in order to obtain payments from complementary health insurance, underlines Hugues Verdier-Davioud.
“Failure for years”
The president of the FNOF denounces more generally “a problem of securing flows”.
“Our federation has been calling on the CNIL for years to take note of the failures in the processing of flows between opticians and complementary health insurance.”
He believes that mutual societies collect a lot of data, which is not always essential to their operation. “They do not need as many details, especially since some are subject to medical confidentiality,” assures Hugues Verdier-Davioud.
The CNIL has launched an investigation to determine whether Viamedis and Almerys have implemented the security procedures required by European data legislation (GDPR).
“There have already been breaches and fraud but they have never reached this magnitude,” says Hugues Verdier-Davioud. Its federation wants the CNIL to “clearly define the role and responsibility of each actor” with regard to customer data, from opticians to complementary health insurance, including software publishers and third-party payment operators, such as Viamedis. and Almerys.