Select Page

Incident: QIMR Berghofer Medical Research Institute caught up in Accellion breach | iTnews

Incident: QIMR Berghofer Medical Research Institute caught up in Accellion breach | iTnews

Australian Clinical Data Breach, 11 February 2021

QIMR Berghofer Medical Research Institute caught up in Accellion breach

620MB of the QIMR Berghofer data appears to have been accessed on 25 December

Company Statement: QIMR Berghofer investigates suspected Accellion data breach
Source: QIMR Berghofer Medical Research Institute, Singtel caught up in Accellion breach | iTnews
More reports from iTnews
More incidents relating to Medical and Health Care

The likely data breach, by an unknown party, appears to have been caused by a vulnerability in Accellion’s system.

QIMR Berghofer immediately shut down the software and launched an internal investigation and forensic analysis. The Institute has sent a copy of its system to Accellion, which is conducting its own forensic analysis to confirm that a data breach has occurred, and, if so, which files were accessed.

QIMR Berghofer uses the third-party file-sharing software to receive and share data from clinical trials of anti-malarial drugs. These clinical trials are conducted with healthy volunteers. No names, contact details or other personally identifiable details of study participants are in the files held in Accellion. Instead, codes are used to refer to study participants. Some of the documents in Accellion include de-identified information such as the initials, date of birth, age, gender, and ethnic group of clinical trial participants, as well as the participant codes. Some other documents include participants’ de-identified medical histories, along with their codes.

The Institute had scheduled to decommission the software next month.

QIMR Berghofer has notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre, which the Institute is a member of.

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required

Share This