DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Threat actors leak files with protected health information from U. Miami

Posted on March 23, 2021 by Dissent

In December and January, threat actors successfully exploited multiple vulnerabilities in an older file transfer system by Accellion. A number of Accellion’s clients subsequently found themselves on the receiving end of extortion demands to either pay the threat actors, or have their data dumped publicly. A number of firms apparently refused to pay, and their files have been dumped on a dark web leak site known to many by now.

On Tuesday, the threat actors added the University of Miami to their leak site. As is their routine, they posted a few screencaps of files to increase pressure on their victim to pay up.

The files posted appeared to be from the university’s health system or hospital, so DataBreaches.net reached out to the university to ask about the incident. They have provided DataBreaches.net with the following statement:

The University of Miami is currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority. As soon as we became aware of the incident, we took immediate action to investigate and contain it. We also retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation. Based on our investigation to date, the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network.

While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats. We continue to serve our University community consistent with our commitment to education, research, innovation, and service.

They also shared a communication that went out to the university community for further clarification:

We are currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority.

As soon as we became aware of the incident, we took immediate action to investigate and contain it. We retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation.

Accellion had been used by a small number of individuals at UM to transfer files too large for email. The University has since discontinued use of Accellion file transfer services.

Based on our investigation to date, the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network. While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats.

As part of our ongoing cybersecurity practices, we remind you not to click on links or open attachments unless you know and trust the sender.

Our investigation into this incident is ongoing and we are continuing to analyze data files within the Accellion server used for secure file transfers and to identify individuals whose personal information was potentially affected. Once our investigation and data analysis are complete, we will notify affected individuals under applicable laws. While our investigation is ongoing, there are certain precautionary steps you may take to safeguard your information:

  • Learn about steps you can take to help protect against identity theft at https://www.identitytheft.gov/databreach.
  • Place a fraud alert in your credit file by contacting one of the three nationwide credit reporting agencies below:
    • https://www.equifax.com/personal/
    • https://www.transunion.com
    • https://www.experian.com/
  • Place a security freeze on your credit report by contacting the credit reporting agencies.

We will provide updates as appropriate. If you have questions, please call (855) 757-0247 during 9:00 a.m. to 6:30 p.m. ET on Monday to Friday. If you receive questions about this incident, please direct the individual to the same number.

Thank you for your commitment to serving our University community.

DataBreaches.net also reached out to the Bruce W. Carter VA Medical Center to inquire about a patient file that showed up in the sample the threat actors posted. The file was a records request from the V.A. hospital. It is not clear from the sample data whether the threat actors hit just U. Miami’s Accellion server that happened to have files with protected health information on it, or if the V.A. also had a server that was attacked (less likely, but possible). DataBreaches.net will update this post when a response from the V.A. is received.

Category: Breach IncidentsHealth DataSubcontractor

Post navigation

← CZ: Railway administration was attacked by hackers, operations not endangered
Heart of Texas Community Health Center notifies some patients of email-related breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report