image courtesy, healthsecurity.com
Accellion is a simple software used for file transfer, but in December 2020 it was discovered that this software through zero click vulnerability was used by hackers to access personal information of people and some organisations. The list of its victims is growing gradually, and one of the recent victims revealed is the Beaumont Hospital in Michigan.
A law firm named Goodwin Proctor used this file transfer software to transfer data of patients at Beaumont Hospital. As soon as the law firm learned in depth about this software they alerted Beaumont Hospital about it and hired a number 1 forensic investigating team that disclosed that some files were stolen by an authorized third party entity.
image courtesy, wxyz.com
A further self investigation by the hospital revealed that the estimated compromised data is limited to 1,500 patients approximately according to the health institution. The extent of data breach was limited to the patient’s protected health information (PHI), names, medical records, date of service, service names etc. There is no sign of leak of financial data.
The mitigations are being applied by Goodwin; they are gradually notifying the patients who were affected by this cyber attack through letters containing measures to prevent further damage and to protect already stolen data and they have banned the use of Accellion in its firm and secured all of its networks. According to Beaumont, no improper or illegal use of data has occurred.
Beaumont also assures that protecting personal data is their number one priority and has taken necessary steps for securing the data in their possession.