Accellion Breach Leaks University & Health System Data – Expert Comments

As the Accellion-related fallout continues—this time at University of Colorado and University of Miami Health System—it’s a good time to reiterate the lessons learned. To begin with, always perform software patches and upgrades as soon as they are available. When software becomes outdated or meets its end of life status, make sure you look for current and fully supported products. In addition, keep in mind that threat actors are always looking for ways to get to your sensitive data. Outmoded protection methods such as perimeter security and access control no longer guard against concentrated efforts, and other methods such as standard encryption can also be cracked and can be a burden to administer.

Therefore, look for ways to protect the data itself rather than the borders around it, an approach known as data-centric protection and which includes methods such as tokenization. Tokenization replaces sensitive information with benign but meaningless tokens, so even if hackers get to your data, it is unintelligible and therefore worthless to them. Lastly, know that the fifteen minutes of infamy you will experience if your sensitive data is compromised can cause lasting and irreparable harm to your business, especially reputational damage. Avoid it at all costs through increased attentiveness to data security.

As expected, we are continuing to see the impact of the Accellion file-sharing data breach expand. We applaud the due diligence that many of the affected organizations are taking to be transparent with customers, partners, employees, and with CU, their students, about the exposure of their personally identifiable information (PII). As it appears to be the case with the University of Miami, an organization may not be directly exposed to the breach, but they may be using services or technology supported by Accellion.

It is important to incorporate access control and data lifecycle management into risk assessment by asking about past data/files transfers, and whether those files have been properly managed, such as having access removed when it is no longer required. The results of the cross-functional risk assessment will determine if the organization is vulnerable per the versions of Accellion exploited by malicious attacker/s. Having your security and/or technology organization monitor and track official communications issued by Accellion will allow them to keep up-to-date.

This is especially important because as the investigation continues more data will become available which may impact the associated risk to your organization, and require your organization to take more actions to reduce risk. If you are unclear from official communications where your organization is using a vulnerable version of not, reach out to Accellion for clarity - don’t just assume it's ok.

In today's landscape no organization is safe, whether you are in healthcare, education, transportation etc., which is why it is critical for all organization to adopt good cybersecurity hygiene and educate their users.

With the acceleration in digital transformation, there has also been a rise in security risks, which need to be addressed. Protecting users from phishing emails by digitally signing emails, moving away from passwords, and adopting MFA should all be part of the new strategy organizations need to adopt to secure their digital perimeter.