(Bloomberg) -- Companies lost sensitive personal information about the health of half a million people in France over a period of five years, France’s privacy watchdog said on Wednesday.

The CNIL regulator opened an investigation and told the medical testing laboratories involved to comply with rules around the reporting of leaks or face penalties. In a statement, it said the breaches were of “particularly significant magnitude and severity.”

Hackers may have infiltrated software used by the laboratories made by Dedalus France, according to press reports. The CNIL said it first learned about the leaks from the media.

The breaches lasted from 2015 until October 2020 and included data that ranged from social security numbers to insurance information, drug treatments, pathologies and the health status of patients, according to Liberation newspaper. Online tech newsletter Zataz reported the breach on Feb. 14.

Macron Rushes to Shore Up French Cyber Defenses After Attacks

France has been targeted by multiple hacking attempts on its medical systems in recent months, including two ransomware-type attacks that disrupted important regional hospitals this month. French President Emmanuel Macron said cyber defense would become “a priority” of his administration.

France’s cybersecurity agency ANSSI didn’t return an email and a call seeking comment.

©2021 Bloomberg L.P.