Paris – 01.07.2026: In France, five suspects aged 16 to 22 have been arrested on suspicion of cyberattacks against healthcare facilities. According to police and judiciary sources, they are suspected of having breached the IT systems of hospitals and medical practices and stolen extensive datasets containing personal information of patients. The measures took place as part of coordinated investigations, during which several apartments were searched and storage media seized.
Investigative authorities report that the attacks targeted administrative and practice software as well as connected services in the healthcare sector. The apparent aim was to extract large volumes of structured data – including contact details, elements of treatment documentation and administrative identifiers. Part of the information is believed, based on current knowledge, to have been offered in relevant forums. The exact number of affected facilities and records is currently being clarified through forensic analysis.
The operation was led by the police unit specializing in cybercrime in coordination with the responsible public prosecutor’s office. Computers, mobile phones, external storage devices and notes containing access data were seized. Experts from the national cybersecurity agency ANSSI are supporting the technical analysis. Investigators are also examining whether vulnerabilities at individual IT service providers were exploited and whether there are links to previous incidents.
Regional health authorities have informed the affected providers. Precautionary measures apply to the facilities: protocols are being reviewed, access credentials reset and log files analyzed. Data protection authorities advise potentially affected persons to be especially vigilant regarding suspicious contact attempts and recommend awaiting communications from the respective facility about the individual situation. Where a personal data leak is confirmed, authorities say notifications will be issued.
On the criminal side, unauthorized access to an automated data system, data alteration and trafficking in stolen data are among the offenses under investigation. Special procedural and protective rules apply to the minor suspects. No decisions on charges have been made yet; the investigations are ongoing. Authorities emphasize that the arrests are part of a broader set of measures against young suspects in cybercrime that have been intensified in recent weeks.
Cyberattacks on healthcare are considered particularly serious because they involve the protection of sensitive data and can disrupt the operation of emergency departments, laboratories or appointment scheduling systems. Experts point to the combination of outdated systems, complex third-party chains and a large attack surface. Providers and operators are now expected to promptly apply patches, enforce multi-factor authentication and verifiably test backup and emergency plans to increase resilience.
Sources
- Franceinfo
- 01net
- Le Parisien
- Europe 1
- Le Monde