Steris, a provider of a variety of medical products and services, has reportedly been found to have been impacted by a data security incident. The Steris data breach is understood to have been part of a wider cybersecurity attack that first came to public attention in December 2020, when Accellion, a technology company, reportedly suffered a hack.
As one of the many companies that pays to use Accellion’s FTA (File Transfer Appliance) to transfer files, Steris had private information when the FTA server was breached by external hackers. The list of companies affected by the Accellion hack has grown and grown in the months following the data breach, in what has become a highly convoluted incident for the company.
The Accellion incident demonstrates how harmful data breaches can be when they affect businesses that provide services to other businesses, creating a domino effect of data breaches. With the threat of such wide-reaching damage, it is essential that all businesses take action to ensure that they deploy appropriate security and protect the personal information in their possession.
The Accellion cyberattack
On 23rd December 2020, it was revealed that Accellion had suffered a hack, at which point it claimed that the FTA issue had been quickly repaired. However, it was then revealed that further weaknesses reportedly existed. Since then, information held by Accellion has allegedly been found for sale online, assumedly from cybercriminals.
Over the course of 2021, more and more business customers of Accellion announced their involvement in the incident. The gradual accumulation of casualties has led to some critics suggesting that Accellion might have been too slow to notify its affected FTA customers. It is perhaps for this reason that the Steris data breach did not emerge until several weeks after the Accellion attack.
The Steris data breach
In a statement on the Steris data breach, the company reiterated that it was among many that have also been affected by the breach of Accellion’s FTA server. Steris stressed that its own systems had not been hit, such that the affected information only included a small amount of information that was shared through Accellion’s platform. No further details in terms of the data affected were given.
However, elsewhere, it has been alleged that Steris documents exposed in the breach may have fallen into the hands of a ransomware gang, the contents of which are said to be confidential.
It is understood that the Steris data breach was subjected to investigation after the company enlisted external experts in order to help to assess the situation. The outcome of this investigation has not yet been publicised, which hopefully suggests that there are no further security concerns that need to be raised.
The importance of data security for businesses
As a result of what appears to have been cybersecurity vulnerabilities, Accellion has compromised the security of a number of its business customers. The knock-on effects of any data protection errors can extend across many other companies, a fact that demonstrates how vital it is for businesses to maintain the integrity of their systems.
Your Lawyers, as leading specialist data leak lawyers, have represented clients for claims against many third parties who have failed to comply with their data protection obligations. If you have been affected by a data breach, you may be able to recover compensation, so contact us today for more information.