Cyberattack On Insurance Companies: What To Do If You're Affected?

After a cyberattack on the third-party payment administrators Viamedis and Almerys, over 33 million French individuals have fallen victim to data theft. You may be among those insured whose personal identification and social security numbers have been stolen. Here are the right steps to take if you're affected by this cyberattack on health insurance providers.

How to know if one is concerned?

The cyberattack on the Viamedis and Almerys mutual insurance companies is the largest security breach to ever hit France. These two operators, responsible for managing third-party payment for health mutuals, were attacked within 5 days of each other.

This hacking incident that occurred at the end of January affects more than 33 million people, which is nearly one out of every two French citizens. Viamedis alone, owned among others by Malakoff Humanis and Vyv, provides third-party payment services for 84 different health supplements and 20 million social insured persons.

To find out if you are affected by this data theft, the simplest way is to quickly contact your mutual insurance company.

If you are among the insured whose data has been stolen, it is likely that your mutual insurance company has already sent you an email or SMS about it. Indeed, the health supplements affected by this security breach are legally obligated to inform the insured. Take these messages seriously as they are not pranks.

What data was stolen by the hackers?

Following the cyberattack on Viamedis and Almerys mutual insurance companies, an investigation has been opened by the CNIL (the National Commission on Informatics and Liberty).

According to the CNIL, the personal data that were stolen from policyholders and their families include:
• full name
• date of birth
• social security number
• name of the health insurance mutual
• the coverages of the subscribed contract.

However, phone numbers, email addresses, banking information, and the insured's medical data have not been affected by this massive data theft.

This means that hackers will not be able to directly use your banking information to drain your checking account, for example. However, this security breach will facilitate attempts at scams, such as phishing or identity theft.

What precautions should be taken?

If you are one of the 33 million French people affected by the cyberattack on the Viamedis and Almerys mutual insurance companies, you must be very vigilant when opening your emails to avoid falling victim to an online scam.

Never click on a suspicious link in an email that is supposedly sent by your insurance provider! Also be wary of attachments: the Health Insurance never sends any!

When an email seems to come from your insurance provider but appears unusual or a bit strange, the right reflex is to call your insurance provider directly to find out if they are truly the originator of this message.

The CNIL urges those affected by this cyberattack to exercise the utmost caution in the coming months, especially when contacted about health care reimbursements. If someone reaches out to you by email or phone claiming to be an agent of your insurance provider, do not provide any bank details!

To exchange messages and documents with your insurance provider, always go through your personal space, via the mobile app or the website of your health insurer.

Lastly, to ensure that you are not a victim of an online scam, regularly check the transactions (debits and withdrawals) on your various bank accounts. At the slightest doubt, contact your bank immediately.

However, you can be assured of one thing: even if you are a victim of this cyberattack, you can continue to use your vital card and mutual insurance card for your various health care needs.

Only certain opticians and hearing aid providers are currently unable to offer you third-party payment on your glasses due to the temporary closure of the Viamedis and Almerys platforms. Because of the deactivation of these two websites, opticians cannot request coverage.

Consequently, those who urgently need their contact lenses or glasses must pay the costs upfront. This means they have to pay the full price of these products and then wait to be reimbursed. The reactivation of the two third-party payment platforms is expected to take several more days.