Cyber Incident Victim: Southern Illinois University School of Medicine
Date: Dec 2020
Location: United States of America
Summary
Southern Illinois University School of Medicine experienced unauthorized access to a third-party electronic file transfer service, potentially compromising personal and protected health information including names, dates of birth, Social Security numbers, driver’s license numbers, medical treatment details, and insurance information. The institution initiated an investigation involving law enforcement and a forensic security firm, terminated use of the compromised service, and offered complimentary identity theft protection to affected individuals whose sensitive identifiers were exposed, though no evidence of data misuse was identified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Southern Illinois University School of Medicine (SIU) discovered that an unauthorized third party potentially accessed an electronic file transfer service used by the institution during three separate periods: December 24, 2020; January 20, 2021; and January 21, 2021. Upon identifying the incident, SIU initiated an internal investigation, notified law enforcement agencies, and immediately disabled access to the compromised file transfer service. The institution engaged a forensic security firm to conduct a thorough examination of the breach and verify the integrity of its network. On February 22, 2021, the forensic investigation confirmed that unauthorized access to the service had occurred. SIU reviewed the contents of the accessed documents to identify any exposed personal information or protected health information (PHI). The analysis revealed that the files contained sensitive data including names, dates of birth, Social Security numbers, driver’s license numbers, medical treatment details, and health insurance information. SIU did not identify the threat actors responsible for the breach and noted no evidence of data misuse for fraud or identity theft at the time of disclosure.

SIU began notifying affected individuals and relevant state and federal regulators following confirmation of the breach’s scope. The institution established a dedicated call center (855-908-1736) operational on weekdays to address inquiries from concerned individuals. Complimentary identity theft protection services were offered to those whose Social Security numbers or driver’s license numbers were compromised. SIU emphasized its commitment to mitigating future risks by permanently discontinuing use of the vulnerable file transfer service. The breach was linked to a broader compromise of Accellion’s file transfer platform, though SIU’s data did not appear on the CLOP threat group’s leak site as of March 5, 2021. Notification letters specified the types of data involved for each recipient but did not disclose the total number of affected individuals. SIU’s Chief Compliance Officer, Kate Cohen, formally submitted the breach disclosure to Illinois authorities under 815 ILCS 530/25, reserving institutional rights regarding legal interpretations of the incident.
