The night of November 10–11, 2025 will be etched in the memories of Weda users. Around 11:30 PM, the publisher detected unusual activity on certain user accounts, suggesting attempts at unauthorized access. The response was swift: a total suspension of access to the platform. A blackout that would last until Friday morning, November 14, with a return in a heavily degraded mode.
For the 23,000 health professionals affected among the 85,000 users claimed by Weda, a subsidiary of the Vidal group since 2019, the impact is brutal. Medical practices switched to paper for nearly a week, deprived of their digitized patient records, consultation histories, test results, and previous prescriptions.
Dr. Philippe Mauboussin, a general practitioner in Eure, summed up the situation to AFP with a metaphor: losing access to the professional software is like losing water and electricity while hosting 15 people for dinner that evening. Practitioners found themselves consulting “blind,” without access to medical histories, ongoing treatments, or prescribed dosages.
An attack via compromised credentials
Unlike the ransomware incidents that have dominated headlines in recent months in the hospital sector, the intrusion would have come from compromised user credentials. Several professionals’ accounts are believed to have been hacked via malware installed on their workstations, allowing hackers to steal their Weda passwords.
As of now, no cybercriminal group has claimed the attack, and the publisher has not mentioned a ransom demand. The crucial question remains without a clear answer: have data been exfiltrated? Weda remains evasive on this point, noting a possible “partial extraction” without formally confirming the scope of any potential breach.
Nevertheless, some health facilities, such as the Saint-Jean-en-Royans health center, report a loss of confidentiality on a server and possible viewing of data. The information at stake is particularly sensitive: complete medical records, diagnoses, treatments, test results, and Social Security numbers.
Managing digital dependency
This incident rekindles debates about the reliability of digital tools in healthcare. Dr. Bernard Huynh, president of FMF-Spé, points to a problematic asymmetry: software vendors subsidized under the digital “Ségur” reforms are not obligated to maintain service continuity, unlike physicians.
The MG France union laments the fragility of “all-online” health information systems, while the use of these tools becomes progressively mandatory for practitioners. A paradox highlighted by Bernard Huynh: the state and the national health insurance are betting everything on digital, yet doctors daily see the system’s flaws.
Since November 14, access to records has been prioritized, but functions such as invoicing remain blocked. Weda has rolled out manual procedures to limit delays and now shuts its platform every night from 10 PM to 7 AM. The company has informed the ANSSI and the CNIL, filed a complaint, and engaged cybersecurity experts to strengthen its authentication protocols.
For medical offices, the post-crisis period imposes new constraints: mandatory password changes for all accounts, verification of file integrity, heightened monitoring of targeted phishing attempts. Multi-professional health centers must now activate their business continuity plans and review their contractual clauses.
“Another vulnerability tied to the supply chain that provides an entry point for potential attackers, and which once again highlights the fragility of essential services. This case is all the more insidious because independent healthcare professionals and small medical centers, entirely dependent on their SaaS medical solution and not necessarily equipped with cybersecurity defenses, are the indirect victims,” says Bernard Montel, CTO EMEA at Tenable, a cyber risk specialist.
“This episode underscores how essential technology providers are in sectors like health. It also highlights the importance of the NIS2 directive and its transposition in France. The resilience of third-party suppliers is a major challenge to ensuring the continuity of medical services,” he adds.
