Ransomware Attacks on the University of Miami Health and Mott Community College

A ransomware attack on Accellion, a file transfer service provider, resulted in unauthorized individuals accessing the protected health information (PHI) of University of Miami Health patients.

The University of Miami Health used Accellion’s file transfer technology to share files that were too large to send via email. The University of Miami stated that only a small number of individuals at the university used the Accellion solution. Immediate action was taken to limit the impact of the incident. Since then, the university has stopped using Accellion’s file transfer services.

The investigation into the attack and the review of the files that were obtained or potentially exposed are not yet complete, so the number of people affected is not yet known.

The University of Miami believes that none of its systems were breached in the attack and that the university only sent or received limited files through Accellion’s file transfer services.

The gang behind the attack demanded a $10 million ransom payment for the keys to decrypt data files and to avoid having the data posted on the internet or sold on dark web marketplaces. Some of the information stolen in the ransomware attack has already been published on the gang’s leak website, including some data associated with patients of the University of Miami Health.

The University of Miami was one of the Accellion customers impacted by the breach. The others were the University of Colorado, Kroger, Arizona Complete Health, Centene, and Shell Oil.

Mott Community College Ransomware Attack Affected 1,612 Dental Plan Members

Mott Community College has informed 1,612 people that unauthorized individuals obtained files containing their PHI before deploying ransomware on its systems.

Upon discovery of the attack, a third-party cybersecurity company helped investigate the incident to determine the scope of the security breach. The investigation revealed that the attackers had access to the college's network from November 27, 2020 until January 9, 2021.

On January 23, 2021, Mott Community College found out that the attackers exfiltrated sensitive information before deploying the ransomware, and that some of the files were associated with individuals covered under its self-insured dental plan. An evaluation of those data files showed that they included names, dates of birth, and dental plan enrollment and claims details for persons registered in the dental plan in 2014-2015 and 2019.

On March 24, 2021, Mott Community College started sending notification letters to all persons affected. Although data exfiltration was confirmed, that does not mean the attackers viewed, misused, or disclosed the contents of the data files. Mott Community College has now put in place additional safeguards and technical security measures to prevent further attacks, such as multifactor authentication for all systems and email access and additional password requirements.