Accellion Breach Impacts Beaumont Health

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Another Accellion breach victim has been named nine months after threat actors exploited zero-day vulnerabilities in the company’s File Transfer Application.

Beaumont Health has notified approximately 1500 patient that their personal data may have been compromised in the December attack on Accellion software. 

Goodwin Procter LLP, which was hired by Beaumont to provide legal services, used Accellion’s File Transfer software to carry out large transfers on behalf of its clients. On February 5, Goodwin advised the healthcare provider that patient data may have been compromised.

A digital forensics investigation launched by Goodwin after news of the Accellion breach came to light found that an unknown user had exploited a vulnerability in the software to download certain files.

“The potentially impacted information included a listing of roughly 1500 patients who had one of two procedures performed at a Beaumont Hospital,” said a statement issued on August 27 by Beaumont Health.

“The list included the patient name, procedure name, physician name, the internal medical record number and the date of service. This incident is limited to these patients and does not affect all patients of Beaumont.”

The healthcare provider added that no financial information had been impacted by the incident and that neither Beaumont nor Goodwin had found any evidence of the compromised data being used improperly. 

Goodwin, on behalf of Beaumont, contacted impacted individuals by letter at their last known address on August 27 to notify them of the data breach. 

“The notice letter specifies steps impacted individuals may take in order to protect themselves against identity fraud, including enrolling in complimentary credit monitoring services (if eligible), placing a fraud alert/security freeze on their credit files, obtaining free credit reports, remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity on a regular basis and taking steps to safeguard themselves against medical identity theft,” stated Beaumont.

Following the incident, Goodwin is evaluating its data security procedures and protocols. 

News of the data breach comes a year after a phishing attack on Beaumont Health may have exposed the data of 6000 patients.  

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
Linux Cerber Ransomware Variant Exploits Atlassian Servers
Russia and Ukraine Top Inaugural World Cybercrime Index
Data Breach Exposes 300k Taxi Passengers’ Information
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

Leave a Reply

Your email address will not be published. Required fields are marked *