Southern Illinois University School of Medicine impacted by Accellion breach, notifies patients

It appears that SIU was impacted by the Accellion breach that has been in the news a lot this past month.  SIU is the first entity, however, to disclose that the incident impacted protected health information (PHI), although as DataBreaches.net reported, this site found what might be PHI in Jones Day’s dumped data. SIU does not appear on the CLOP threat actors’ dedicated leak site at the time of this publication. Here is SIU’s notification: The Southern Illinois University School of Medicine, (“SIU”) is providing notice pursuant to 815 ILCS 530/25 in connection with an incident that may have involved the personal information of certain Illinois residents. This notice will be supplemented, if necessary, with any new significant facts discovered subsequent to its submission. While SIU is notifying you of this incident, SIU does not waive any rights or defenses relating to the incident or this notice. NATURE OF THE INCIDENT AND CORRECTIVE ACTIONS TAKEN SIU recently discovered that an unknown, unauthorized third party may have accessed an electronic file transfer service utilized by SIU for short periods of time on December 24, 2020, January 20, 2021, and January 21, 2021. Upon discovering the incident, SIU began an investigation, notified law enforcement, and has since shut down access to the service. Additionally, SIU engaged a forensic security firm to conduct an investigation of the incident and confirm the security of SIU’s network. On February 22, 2021, the forensic investigation confirmed that unauthorized access to the service occurred. SIU searched the documents for any personal information or protected health information. SIU determined that the documents contained personal information for certain individuals, including, depending on the individual, their name, date of birth, Social Security number, driver’s license number, medical treatment information, and medical insurance information. SIU is working to notify individuals and state and federal regulators as quickly as possible in accordance with state and federal law. SIU will arrange for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were involved in the incident. If SIU determines the identity of the actor who accessed SIU’s system, SIU will notify the General Assembly in accordance with 815 ILCS 530/12(f). SIU is taking steps to reduce the risk of this type of incident occurring in the future, including terminating the use of this particular service. Please do not hesitate to contact me if you have any questions or if I can provide you with any further information concerning this matter. Very truly yours, Kate Cohen, JD, CHC, CHRC Chief Compliance Officer SIU School of Medicine AFFECTED INDIVIDUALS If you have questions or are concerned that your information may have been compromised, please call 855-908-1736. Someone will be available to take your call Monday-Friday, 8 a.m.-5 p.m. FREQUENTLY ASKED QUESTIONS What happened? We recently discovered that an unknown, unauthorized third party may have accessed documents stored in an electronic file transfer service used by SIU Medicine. Upon discovering the incident, SIU began an investigation, and has since shut down access to the service. Additionally, SIU engaged a forensic security firm to conduct an investigation of the incident. We have no reason to believe that any personal information has been misused for the purpose of committing fraud or identity theft. Nevertheless, as part of our investigation, we searched for any personal information in the potentially accessed documents and we are notifying those individuals whose personal information was identified. Who did this? We do not know the identity of the individual or individuals responsible for this incident. How do I know if my information was affected? Individuals whose information was affected by this incident have already or will be notified by SIU. The notification will specify what information may have been included in the potentially accessed documents. If you believe your information may have been affected by this incident or have questions about the incident, please call 855-908-1736.DataBreaches.netRead More