Miami University

Miami University, also known as the University of Miami, is a higher education institution located in the United States. The university operates academic programs across various disciplines and maintains a health system that provides medical services and handles sensitive patient data. This health system's involvement in managing protected health information is evidenced by a 2020 security incident where a threat actor exploited vulnerabilities in a third-party file transfer service, leading to unauthorized access and extortion attempts. The breach compromised data including PHI from the university's health system and records related to a patient of a VA Medical Center, indicating the institution's role in processing health information for both its own facilities and federal healthcare partners. Additionally, a separate 2015 incident involved the leak of over 200 usernames and hashed passwords, highlighting ongoing cybersecurity challenges. The university's response to the 2020 event included discontinuing the affected third-party service, engaging cybersecurity experts for investigation, notifying law enforcement, and providing guidance to the community, demonstrating procedural adherence to breach notification protocols.

The university's health system distinguishes it through its integration with federal healthcare initiatives, as seen in the handling of VA patient records during the 2020 incident. This suggests a partnership or contractual relationship with the Department of Veterans Affairs, positioning the institution within a specialized segment of healthcare education and service delivery. The university's approach to security incidents, including thorough investigations and individual notifications under applicable laws, reflects a structured response to regulatory requirements in both education and healthcare sectors. However, no explicit details about ownership structure, parent organizations, or subsidiary entities are provided in the available information, leaving such aspects undetermined. The institution's continued analysis of impacted data to identify affected individuals further underscores its operational engagement with data protection mandates following a significant breach of its third-party file transfer infrastructure.