Georgia-based Fertility Clinic Hit with Ransomware Attack
Fertility Clinic Representatives Say Names, Social Security Numbers, Laboratory Results, and Other Private Data May Have Been Compromised.
A Georgia-based fertility clinic has revealed it had suffered a data breach after files containing private patient information were stolen during a ransomware attack.
Following the attack that occurred in April, the clinic has informed about 38.000 patients that their sensitive data such as medical information, names, addresses, and others have been exposed.
According to its website, the Reproductive Biology Associates (RBA), along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization (IVF).
After launching in 1983 as Georgia’s first IVF program, it became the first on the East Coast to achieve pregnancy from a frozen embryo and the first in the Western Hemisphere to report a birth from frozen donor eggs. MyEggBank, meanwhile, is the largest network of donor egg banks and client practices in North America.
When Did The Ransomware Attack Happen?
In a letter from the Georgia-based fertility health center, accompanied by its affiliate My Egg Bank North America, general counsel Matthew Maruca declared the organization first became aware of a potential attack on April 16th, 2021, when “a file server containing embryology data was encrypted and therefore inaccessible.”
Nevertheless, they believe the cybercriminals first obtained access to the company’s systems starting on April 7, 2021, and eventually to a server holding secured health information on April 10, 2021.
What Data Was Stolen?
According to the clinic investigation, the threat actors managed to steal:
- Full Name
- Social Security Number
- Laboratory Results
- Information relating to the handling of human tissue
Maruca declared the company initiated an investigation in April that lasted until June 7, when they officially confirmed that patient information had been leaked following the attack. They also determined the people whose private data was exposed.
While RBA officials do not explicitly say that they paid a ransom, it was confirmed by them that access to the encrypted files was regained, and were told by the hackers that all exposed data was deleted and is no longer in its possession.
In an abundance of caution, we conducted supplemental web searches for the potential presence of the exposed information, and at this time are not aware of any resultant exposure.
We are continuing to conduct appropriate monitoring to detect and respond to any misuse or misappropriation of the potentially exposed data.
Following the ransomware attack, the Georgia-based fertility clinic has started an investigation through a leading professional IT services company to help determine how the attack was organized, what information was exposed, and to secure their network and devices.
What Should Victims Do?
Many types of research from cybersecurity companies have shown that even after the ransom payment and ransomware gangs’ assurance to delete the stolen data, ransomware gangs often keep or even post stolen information.
Some reports showed that there have been several cases where victims have paid attackers and still had their data published online.
In the Georgia Fertility Clinic case, the company provides free-of-charge monitoring services for those affected.
People are also urged to inform their bank if someone attempts to access accounts fraudulently and to remain vigilant by closely reviewing account statements and credit reports.
All impacted individuals should watch for dubious emails or messages concerning the fertility clinic, egg donor information, or other related information.