French police have arrested a 22-year-old man suspected of hacking the computer systems at a Paris hospital, stealing, and then leaking the COVID-19 test results of more than 1.4 million patients.
The suspect was arrested on Wednesday, October 6, in the village of Ollioules dans le Var, by investigators from the Cybercrime Brigade (BL2C) of the Paris judicial police, according to local newspapers. The suspect reportedly admitted to his crime in police custody.
"Opposed to the health pass, the 22-year-old man wanted to demonstrate the weakness and fallibility of the AP-HP computer system," a source familiar with the investigation told AFP.
"He denies having knowledge that the data recovered contained personal information, he did not intend to resell them or enrich themselves", added the source.
According to authorities, in early September, the suspect breached Paris-based hospital trust Assistance Publique – Hôpitaux de Paris (AP-HP), the largest hospital system in Europe and one of the largest in the world. AP-HP disclosed the breach in a press release on September 12.
At the time, hospital officials said that the incident affected around 1.4 million people that undergone PCR and Covid-19 tests in mid-2020, mainly in Île-de-France and some outside Île-de-France.
The stolen files included such info as full names, dates of birth, gender, Social security numbers, home addresses, emails, telephone numbers, COVID-19 test results from mid-2020.
According to officials, the hacker compromised a file-sharing server hospital staff was using to share laboratory tests with the French Health Ministry. The attacker stole files containing COVID-19 test results, and uploaded the files on file-sharing portal MEGA, links to which later were shared on video hosting platform JeuxVideo, and on the now-deleted Twitter profile.
The stolen AP-HP files had been removed from MEGA, but by that time the data dump had already been downloaded and shared.