{
	"id": "091fa611-9ccb-4bdf-afa5-5e7942c63aa7",
	"created_at": "2026-04-06T00:16:31.449923Z",
	"updated_at": "2026-04-10T13:11:29.740078Z",
	"deleted_at": null,
	"sha1_hash": "3d80e69b4a626bc3cc06a13e52d8c4cd52e0e8da",
	"title": "More Accellion Health Data Breaches Revealed",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 76904,
	"plain_text": "More Accellion Health Data Breaches Revealed\r\nBy Marianne Kolbasuk McGee\r\nArchived: 2026-04-05 20:29:02 UTC\r\n3rd Party Risk Management , Data Breach Notification , Governance \u0026 Risk Management\r\nFour More Health Plans Report They, Too, Were Affected (HealthInfoSec) • April 6, 2021    \r\nThis article has been updated.\r\nSee Also: Live Hacking into Microsoft 365\r\nMonths after the December cyberattack on Accellion's File Transfer Appliance, the identities of more healthcare\r\nsector entities that were affected continue to come to light.\r\nIn the last few days, the Department of Health and Human Service's HIPAA Breach Reporting Tool website has\r\nadded several large breaches tied to attacks on unpatched Accellion FTA installations.\r\nAmong the latest victims added are health plans that are owned by Centene Corp., which recently filed a lawsuit\r\nagainst Accellion in the wake of the incident. Those health plans are:\r\nHealth Net Community Solutions, with nearly 687,000 individuals affected;\r\nHealth Net of California, with 524,000 individuals affected;\r\nCalifornia Health \u0026 Wellness, with 80,000 affected;\r\nHealth Net Life Insurance Co., with nearly 27,000 affected.\r\nhttps://www.healthcareinfosecurity.com/more-accellion-health-data-breaches-revealed-a-16350\r\nPage 1 of 3\n\nOther Victims\r\nOther organizations that have revealed in recent weeks that they were victims of the Accellion breach include\r\nTrinity Health, Stanford University School of Medicine, the University of California, and UC Davis.\r\nEarlier, supermarket chain Kroger, Springfield, Illinois-based Southern Illinois University School of Medicine;\r\nTrillium Community Health Plan based in Springfield, Oregon; and Canada-based Nova Scotia Health\r\nEmployees’ Pension Plan also confirmed they were victims.\r\nThird-Party Risks\r\n\"New types of cyberattacks targeting service providers have dramatically increased the risk of compromise to\r\nhealth information impacting large segments of the industry,\" says privacy attorney David Holtzman of the\r\nconsulting firm HITprivacy LLC.\r\n\"Growing public awareness of new cybersecurity threats like ransomware along with increased government\r\noversight is throwing sunlight on the pervasive vulnerabilities plaguing the infrastructure that supports\r\nhealthcare’s information ecosystem.\"\r\nAn Accellion spokesman tells Information Security Media Group that the company is not breaking out by industry\r\nthose customers affected by the FTA breach. But it says fewer than 100 of approximately 300 FTA users were\r\naffected. \"Within this group, fewer than 25 appear to have suffered significant data theft,\" he notes.\r\n\"The Accellion breach is unique from many others in that it represents a data compromise exposure by a company\r\nthat specializes in the file sharing and collaboration - as compared to, for instance, Blackbaud’s primary work as a\r\nprocessor of payment or other transaction processing data,\" says Jim Van Dyke, senior vice president of financial\r\nwellness at security vendor Sontiq.\r\nA 2020 attack on Blackbaud exposed the PHI of more than 11 million individuals.\r\nTrinity Health was affected by both the Accellion and Blackbaud incidents. Last September, Trinity Health\r\nnotified 3.3 million individuals that their PHI was potentially compromised in the Blackbaud incident. Trinity\r\nHealth's Accellion-related breach, added to the HHS OCR website on Wednesday, indicates nearly 587,000\r\nindividuals are affected this time.\r\nFraud Threat\r\nIn the Accellion incident, attackers used reverse engineering to drop a web shell - a script that enables remote\r\nexecution of commands - onto servers running the unpatched FTA software, according to FireEye's Mandiant\r\nincident response group, which Accellion hired to investigate (see: Accellion Attack Involved Extensive Reverse\r\nEngineering).\r\nThe web shell allowed attackers to bypass authentication, remotely execute code on the vulnerable systems and\r\nsteal data, Mandiant says. In at least some cases, stolen data ended up in the hands of the Clop ransomware gang,\r\nwhich has been offering to sell it or to remove it if victims pay a ransom, some clients report (see: Accellion: How\r\nAttackers Stole Data and Ransomed Companies).\r\nhttps://www.healthcareinfosecurity.com/more-accellion-health-data-breaches-revealed-a-16350\r\nPage 2 of 3\n\nWhat's important about the Accellion breach is that \"because the exposure was of a file-sharing organization, all\r\nmanner of personal data may have been exposed,\" Van Dyke notes. In some cases, that includes \"Social Security\r\nnumbers and other data ideal for committing the worst kinds of identity theft, such as new financial account fraud,\r\ntax refund fraud,\" he points out. And because several healthcare organizations had medical data exposed as well,\r\nthat raises the risk of medical identity theft, he adds.\r\nOngoing Challenges\r\nAttacks on third-party providers \"highlight the failure to uphold the chain of trust to safeguard an information\r\necosystem that relies on industry self-regulation, contractual agreements and limited enforcement of government\r\nregulatory standards,\" Holtzman says.\r\nHe calls for the creation of a common standard for cybersecurity that all organizations involved in the information\r\necosystem must meet, universal requirements for proof of testing and risk assessment, and meaningful\r\nenforcement carried out by a government-backed entity.\r\n\"While this will not be a quick solution, the threat will not diminish until there is a comprehensive, mandatory\r\nframework of standards that apply to all,\" he adds.\r\nSource: https://www.healthcareinfosecurity.com/more-accellion-health-data-breaches-revealed-a-16350\r\nhttps://www.healthcareinfosecurity.com/more-accellion-health-data-breaches-revealed-a-16350\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.healthcareinfosecurity.com/more-accellion-health-data-breaches-revealed-a-16350"
	],
	"report_names": [
		"more-accellion-health-data-breaches-revealed-a-16350"
	],
	"threat_actors": [],
	"ts_created_at": 1775434591,
	"ts_updated_at": 1775826689,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3d80e69b4a626bc3cc06a13e52d8c4cd52e0e8da.pdf",
		"text": "https://archive.orkl.eu/3d80e69b4a626bc3cc06a13e52d8c4cd52e0e8da.txt",
		"img": "https://archive.orkl.eu/3d80e69b4a626bc3cc06a13e52d8c4cd52e0e8da.jpg"
	}
}