A major Michigan hospital system on Friday notified roughly 1,500 patients that their information may have been exposed as a result of a hack against file-sharing service Accellion.
The law firm Goodwin Proctor notified Beaumont Health in February that patient data shared by the hospital with legal counsel may have been entangled in the wide-reaching hack through the firm’s use of Accellion. Beaumonth Health is a network of health facilities that reported $4.58 billion in total revenue for 2020.
A follow-up investigation by Beaumont found that impacted patient health data included patient name, procedure name, physician name, internal medical record number and dates of service. No patient financial information was impacted, the hospital stated in a press release.
Beaumont Health joins a list of at least 11 healthcare organizations that were affected by a December breach of the file sharing service Accellion. Two of the victims, Kroger Pharmacy and healthcare insurer Centene, both had more than a million individuals’ data exposed by the hack. The incident, which also ensnared Qualys and a number of universities, was the work of a pernicious ransomware gang that has demanded extortion fees from unwitting victims, FireEye previously found
Cybercriminals exploited multiple vulnerabilities in Acellion’s software late last year, allowing them to infiltrate the company’s file-sharing tool to gather information from the company’s customers. The group unleashed a wave of extortion attempts against victims in late January, threatening to share their stolen data if they didn’t pay up.
Nearly nine months since the breach, the Accellion hack continues to claim a growing number of victims across industries. Victims of the attack also include Morgan Stanley, law firm Jones Day and Canadian plane manufacturer Bombardier.