Page URL:

Patient data stolen from a fertility clinic network in the USA

30 November 2020
Appeared in BioNews 1074

One of the largest networks of fertility clinics in the USA has confirmed that it was targeted by a ransomware attack, resulting in a security breach of patient information.

The fertility clinic network in question, US Fertility, wrote a statement and specified that the hackers 'acquired a limited number of files' during a 'period of unauthorised access' that ran between 12 August 2020 to 14 September 2020. Data-stealing ransomware typically harvests data from the source system before encrypting the victim's network for ransom. Some ransomware groups then publish the stolen files on their websites if their ransom demand isn't paid.

'We take this incident very seriously and are committed to protecting the security and confidentiality of health information we gather in providing services to individuals,' Mark Segal, the chief executive officer of US Fertility, said about the breach.

Along with apologising for the incident and re-stating its commitment to safeguarding the privacy and security of patient information, US Fertility revealed that their patients' personal information, such as names and addresses, dates of birth and in some cases even social security numbers, were part of the data breach. The company further stated that there was 'no evidence of actual misuse of any individual's information' related to the attack. However, the company also warned that the attack may have involved protected health information, which would include information about a patient's health or medical treatments, such as test results and medical records.

While US Fertility acknowledged conducting an internal review to confirm the extent of the data breach, they did not explain why the company took over two months to publicly disclose the attack. However, its statement included that this disclosure had not been delayed on request of law enforcement.

This attack is part of a larger pattern in the US healthcare sector, where several other fertility clinics have been attacked by ransomware in recent months. For example, the Colorado Center for Reproductive Medicine, based in Denver with locations across the USA, suffered a data security breach that affected its Minneapolis clinic in Edina in 2017.

24 August 2020 - by Christina Burke 
The fertility app Premom has shared data with third-party Chinese companies without user permission, according to the International Digital Accountability Council...
22 June 2020 - by Georgia Everett 
Chinese authorities are collecting blood samples from across the country to build a genetic map of its roughly 700 million males...
6 January 2020 - by Dr Helen Robertson 
The Pentagon is advising members of the US military not to use commercial DNA testing kits, stating that they could pose a security concern...
11 June 2018 - by Dr James Heather 
Genealogy service MyHeritage has revealed that some of their user account data has been hacked...
to add a Comment.

By posting a comment you agree to abide by the BioNews terms and conditions

Syndicate this story - click here to enquire about using this story.