DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Southern Illinois University School of Medicine impacted by Accellion breach, notifies patients

Posted on March 5, 2021 by Dissent

It appears that SIU was impacted by the Accellion breach that has been in the news a lot this past month.  SIU is the first entity, however, to disclose that the incident impacted protected health information (PHI), although as DataBreaches.net reported, this site found what might be PHI in Jones Day’s dumped data.

SIU does not appear on the CLOP threat actors’ dedicated leak site at the time of this publication.

Here is SIU’s notification:


The Southern Illinois University School of Medicine, (“SIU”) is providing notice pursuant to 815 ILCS 530/25 in connection with an incident that may have involved the personal information of certain Illinois residents. This notice will be supplemented, if necessary, with any new significant facts discovered subsequent to its submission. While SIU is notifying you of this incident, SIU does not waive any rights or defenses relating to the incident or this notice.

NATURE OF THE INCIDENT AND CORRECTIVE ACTIONS TAKEN

SIU recently discovered that an unknown, unauthorized third party may have accessed an electronic file transfer service utilized by SIU for short periods of time on December 24, 2020, January 20, 2021, and January 21, 2021. Upon discovering the incident, SIU began an investigation, notified law enforcement, and has since shut down access to the service. Additionally, SIU engaged a forensic security firm to conduct an investigation of the incident and confirm the security of SIU’s network. On February 22, 2021, the forensic investigation confirmed that unauthorized access to the service occurred.

SIU searched the documents for any personal information or protected health information. SIU determined that the documents contained personal information for certain individuals, including, depending on the individual, their name, date of birth, Social Security number, driver’s license number, medical treatment information, and medical insurance information. SIU is working to notify individuals and state and federal regulators as quickly as possible in accordance with state and federal law. SIU will arrange for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were involved in the incident.

If SIU determines the identity of the actor who accessed SIU’s system, SIU will notify the General Assembly in accordance with 815 ILCS 530/12(f). SIU is taking steps to reduce the risk of this type of incident occurring in the future, including terminating the use of this particular service.

Please do not hesitate to contact me if you have any questions or if I can provide you with any further information concerning this matter.

Very truly yours,

Kate Cohen, JD, CHC, CHRC
Chief Compliance Officer
SIU School of Medicine

AFFECTED INDIVIDUALS
If you have questions or are concerned that your information may have been compromised, please call 855-908-1736. Someone will be available to take your call Monday-Friday, 8 a.m.-5 p.m.

FREQUENTLY ASKED QUESTIONS

What happened?

We recently discovered that an unknown, unauthorized third party may have accessed documents stored in an electronic file transfer service used by SIU Medicine. Upon discovering the incident, SIU began an investigation, and has since shut down access to the service. Additionally, SIU engaged a forensic security firm to conduct an investigation of the incident.

We have no reason to believe that any personal information has been misused for the purpose of committing fraud or identity theft. Nevertheless, as part of our investigation, we searched for any personal information in the potentially accessed documents and we are notifying those individuals whose personal information was identified.

Who did this?

We do not know the identity of the individual or individuals responsible for this incident.

How do I know if my information was affected?

Individuals whose information was affected by this incident have already or will be notified by SIU. The notification will specify what information may have been included in the potentially accessed documents. If you believe your information may have been affected by this incident or have questions about the incident, please call 855-908-1736.

Source: SIU

Category: Health DataMalwareSubcontractorU.S.

Post navigation

← TX: ProPath Notifies Patients of Data Security Incident
TX: Elara Caring notifies more than 100,000 patients after corporate email accounts hacked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.