DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Threat actors leak files with protected health information from U. Miami

Posted on March 23, 2021 by Dissent

In December and January, threat actors successfully exploited multiple vulnerabilities in an older file transfer system by Accellion. A number of Accellion’s clients subsequently found themselves on the receiving end of extortion demands to either pay the threat actors, or have their data dumped publicly. A number of firms apparently refused to pay, and their files have been dumped on a dark web leak site known to many by now.

On Tuesday, the threat actors added the University of Miami to their leak site. As is their routine, they posted a few screencaps of files to increase pressure on their victim to pay up.

The files posted appeared to be from the university’s health system or hospital, so DataBreaches.net reached out to the university to ask about the incident. They have provided DataBreaches.net with the following statement:

The University of Miami is currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority. As soon as we became aware of the incident, we took immediate action to investigate and contain it. We also retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation. Based on our investigation to date, the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network.

While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats. We continue to serve our University community consistent with our commitment to education, research, innovation, and service.

They also shared a communication that went out to the university community for further clarification:

We are currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority.

As soon as we became aware of the incident, we took immediate action to investigate and contain it. We retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation.

Accellion had been used by a small number of individuals at UM to transfer files too large for email. The University has since discontinued use of Accellion file transfer services.

Based on our investigation to date, the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network. While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats.

As part of our ongoing cybersecurity practices, we remind you not to click on links or open attachments unless you know and trust the sender.

Our investigation into this incident is ongoing and we are continuing to analyze data files within the Accellion server used for secure file transfers and to identify individuals whose personal information was potentially affected. Once our investigation and data analysis are complete, we will notify affected individuals under applicable laws. While our investigation is ongoing, there are certain precautionary steps you may take to safeguard your information:

  • Learn about steps you can take to help protect against identity theft at https://www.identitytheft.gov/databreach.
  • Place a fraud alert in your credit file by contacting one of the three nationwide credit reporting agencies below:
    • https://www.equifax.com/personal/
    • https://www.transunion.com
    • https://www.experian.com/
  • Place a security freeze on your credit report by contacting the credit reporting agencies.

We will provide updates as appropriate. If you have questions, please call (855) 757-0247 during 9:00 a.m. to 6:30 p.m. ET on Monday to Friday. If you receive questions about this incident, please direct the individual to the same number.

Thank you for your commitment to serving our University community.

DataBreaches.net also reached out to the Bruce W. Carter VA Medical Center to inquire about a patient file that showed up in the sample the threat actors posted. The file was a records request from the V.A. hospital. It is not clear from the sample data whether the threat actors hit just U. Miami’s Accellion server that happened to have files with protected health information on it, or if the V.A. also had a server that was attacked (less likely, but possible). DataBreaches.net will update this post when a response from the V.A. is received.

Category: Breach IncidentsHealth DataSubcontractor

Post navigation

← CZ: Railway administration was attacked by hackers, operations not endangered
Heart of Texas Community Health Center notifies some patients of email-related breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay
  • Ireland’s Data Protection Commission publishes 2024 Annual Report
  • The headlines suggested Freedman Healthcare suffered a ransomware attack that affected patient data. The reality was quite different.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.