STERIS — like many companies — used a platform provided by Accellion, a third-party vendor, to transfer files. Accellion is a well-established vendor used by many companies across industries for file transfer services.
Accellion has publicly announced that certain applications of its file transfer software have been compromised and recently notified STERIS that there had been unauthorized access to certain STERIS files that were transferred using Accellion’s file transfer platform. We have disabled all access to the Accellion application and notified the appropriate authorities. We are not alone - many other Accellion Customers also had data impacted by this data security incident.
Importantly, STERIS’s own IT systems were not impacted. This incident was isolated to Accellion’s platform and was limited to a small subset of STERIS data shared through this third-party file transfer service during a short period of time. Additionally, due to the nature of this third-party incident, it has not affected STERIS’s own IT systems and did not impact STERIS’s products, Customer software, or remote equipment monitoring.
We are currently investigating this incident with the assistance of outside experts to determine the nature and scope of the data at issue and have reported this matter to federal law enforcement.