Share this article on:
Several healthcare organizations have recently confirmed they have been affected by the December 2020 Accellion cyberattack. The attack has been linked to the Clop ransomware gang, as its leak site was used to publish samples of data stolen in the attack, although ransomware is not believed to have been used.
Accellion provided a file transfer solution that was used for transmitting files that were too large to be sent via email. In the case of Health Net, the platform was used for exchanging files with healthcare providers and others who support its operations. Health net reports that names, addresses, dates of birth, insurance ID numbers, and health information was obtained by the attackers. Accellion notified Health Net about the breach on January 25, 2021.
Health Net has reported the breach as affecting 1,236,902 individuals across Health Net Community Solutions (686,556 individuals), Health Net of California (523,709 individuals), and Health Net Life Insurance Company (26,637 individuals).
Trinity Health has recently alerted 586,869 patients that their PHI was compromised in the attack, including names, addresses, email addresses, dates of birth, healthcare provider names, dates and types of health care services, medical record numbers, immunization types, lab results, medications, payment information, payer names, and claims information.
California Health & Wellness has recently announced that it too was a victim of the Accellion cyberattack and confirmed that the names, addresses, dates of birth, insurance ID numbers, and health information of 80,138 members was stolen.
Stanford University has also recently confirmed that it was a victim of the attack and the PHI of Stanford Medicine patients was compromised, although details of the types of information stolen and the number of individuals affected has yet to be confirmed. Some of the data stolen in the attack was published on the attacker’s leak site.
Previously, University of Miami Health, Centene, Kroger, Trillium Community Health Plan, and Arizona Complete Health reported that they have been affected and had sensitive data stolen.
Multiple lawsuits have already been filed over the breach. Centene is suing Accellion over the breach and a lawsuit has been filed on behalf of affected Kroger pharmacy patients.
The vulnerabilities exploited in the cyberattack have been fixed and Accellion has confirmed that the FTA service will be discontinued from April 30, 2021, although support will continue to be provided until all contracts expire. Most victims have reported that they have discontinued using the Accellion FTA.