Statement on the School of Medicine
Cybersecurity Incident

 April 2, 2021 - 3:00 p.m. PT

Stanford University School of Medicine has learned of a data breach that is part of a cyber incident involving a third-party file-sharing service, called File Transfer Appliance (FTA), provided by Accellion Inc. The breach was part of a larger national cyberattack on universities, companies, and organizations that use the Accellion FTA.

With the help of a leading cyber-forensics firm, we are analyzing the stolen data and will notify affected individuals as appropriate. Law enforcement has been notified.  

We take data protection very seriously, and as best practice, we recommend that all individuals remain vigilant and promptly report any suspicious activity or suspected identity theft to the Stanford Medicine Privacy Offices.

Individuals associated with the School of Medicine can report incidents here: https://privacyrequest.stanford.edu

Individuals associated with Stanford’s hospitals can report incidents to:  
PrivacyOfficer@stanfordhealthcare.org.

Stanford University, Stanford Health Care and Stanford Children’s Health offer identity theft protection services to all employees. Stanford will also provide these services as appropriate to other affected individuals.

Our investigation is ongoing, and we will post updates here.