An arrest in the case of the theft of AP-HP data

The case had stirred up the world of health and may have just found its epilogue with, according to the JDD, the arrest of a 22-year-old young man suspected of being at the origin of the hacking of the AP-HP. Last September, the establishment communicated on the theft of 1.4 million patient data having carried out Covid tests. This information related to Covid screenings carried out in mid-2020 and includes: the identity, social security number and contact details of the people tested, the identity and contact details of the healthcare professionals caring for them, the characteristics and the result of the test performed.

At the time, AP-HP mentioned a lead on the origin of the intrusion, “a recent security breach in the digital file sharing tool acquired by AP-HP and hosted on its own infrastructures techniques “. We later learned that the tool in question was HCP Anywhere provided by Hitachi Vantara. This service was used to transmit data from tests carried out by medical laboratories to Health Insurance and regional health agencies (ARS).

The investigation entrusted to the Cybercrime Brigade (BL2C) resulted in the arrest of a 22-year-old young man, living in Ollioures in the Var. Declaring himself anti-sanitary pass, he had claimed the hacking of the AP-HP on his Twitter account (which has been deleted). He is to be brought before a judge today. Intrusion into an automated data processing system falls under criminal law and is punishable by five years’ imprisonment and a fine of 150,000 euros.