Connect with us

Hi, what are you looking for?

Cyber Security

Fertility clinic discloses data breach exposing patient info

A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack.

Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and stores them for later use by recipients, including those using the MyEggBank service.

MyEggBank works with multiple fertility centers around the USA, including RBA, to recruit egg donors and create an egg bank where potential recipients can search for a matching egg donor.

Ransomware gang accessed embryology data

In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when “a file server containing embryology data was encrypted and therefore inaccessible.”

However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th.

When ransomware attacks occur, threat actors usually breach a particular system on the network and spend a few days to a week quietly spreading throughout the network while stealing files and deleting backups.

While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data.

“In the course of our ongoing investigation of the incident, on June 7, 2021 we determined the individuals whose personal information was affected,” says the RBA data breach notification.

“Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession. “

Reproductive Biology Associates’ investigation has determined that the data stolen during the ransomware attack contained the following information for approximately 38,000 patients:

  • Full Name
  • Address
  • Social Security Number
  • Laboratory Results
  • Information relating to the handling of human tissue

As part of their ongoing investigation, RBA has hired an IT services firm to help determine how the attack was conducted, what data was accessed, and to secure their network and devices.

RBA is also offering affected patients free identity theft monitoring services and is advising affected patients to monitor their credit reports.

What should affected patients do?

While ransomware gangs promise to delete data they steal during an attack if a ransom is paid, there is no way to know if they keep their promise.

Some evidence shows that ransomware gangs do not delete stolen data and may use it against victims again in the future.

Due to this, all affected patients should be on the lookout for strange emails or SMS texts regarding the fertility clinic, egg donor information, or other related information.

Patients should also monitor their credit report for fraudulent activity due to the exposure of their social security number.

Advertisement. Scroll to continue reading.

Source: https://www.bleepingcomputer.com/news/security/fertility-clinic-discloses-data-breach-exposing-patient-info/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO