Australian Clinical Data Breach, 11 February 2021

QIMR Berghofer Medical Research Institute caught up in Accellion breach

620MB of the QIMR Berghofer data appears to have been accessed on 25 December

Company Statement: QIMR Berghofer investigates suspected Accellion data breach
Source: QIMR Berghofer Medical Research Institute, Singtel caught up in Accellion breach | iTnews
More reports from iTnews
More incidents relating to Medical and Health Care

The likely data breach, by an unknown party, appears to have been caused by a vulnerability in Accellion’s system.

QIMR Berghofer immediately shut down the software and launched an internal investigation and forensic analysis. The Institute has sent a copy of its system to Accellion, which is conducting its own forensic analysis to confirm that a data breach has occurred, and, if so, which files were accessed.

QIMR Berghofer uses the third-party file-sharing software to receive and share data from clinical trials of anti-malarial drugs. These clinical trials are conducted with healthy volunteers. No names, contact details or other personally identifiable details of study participants are in the files held in Accellion. Instead, codes are used to refer to study participants. Some of the documents in Accellion include de-identified information such as the initials, date of birth, age, gender, and ethnic group of clinical trial participants, as well as the participant codes. Some other documents include participants’ de-identified medical histories, along with their codes.

The Institute had scheduled to decommission the software next month.

QIMR Berghofer has notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre, which the Institute is a member of.