Page URL:

Fertility clinic ransomware data breach affected 38,000 patients

28 June 2021
Appeared in BioNews 1101

Sensitive personal and medical information of around 38,000 patients has been exposed in a ransomware attack on a US fertility clinic.

Reproductive Biology Associates (RBA) is a fertility treatment provider in Georgia and is also the founding partner of MyEggBank, the largest network of donor egg banks in North America. 

A data breach notification was issued by both RBA and MyEggBank earlier this month. It revealed the clinic first became aware of a cyber-incident on 16 April this year, when it discovered that 'a file server containing embryology data was encrypted and therefore inaccessible.'

RBA said, 'We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor's access, within the same business day.'

However, they believe the attackers first gained access to their systems on 7 April and a server containing health information on 10 April. Ransomware 'threat actors' often breach a particular system on a network before spreading throughout the entire network to steal files and delete backups.

An investigation into the attack revealed that the information of 38,000 patients was exposed, with details including their full names, addresses, social security numbers, laboratory results, and 'information related to the handling of human tissue' potentially impacted and unlawfully disclosed. 

RBA has since stated that, during their investigation into the attack, 'access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession.' The clinic added that it has conducted web searches and has found no indication that any of the stolen information is being discussed or traded online.

While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data.

Fertility clinic discloses data breach exposing patient info
Bleeping Computer |  21 June 2021
Fertility clinic hit by ransomware data breach
Teiss |  22 June 2021
Over 30,000 fertility clinic patients hit by ransomware data breach
Infosecurity Magazine |  21 June 2021
21 June 2021 - by Sarah Dingle 
Imagine: you have a life, a job, a house, and perhaps kids of your own. You're an adult, moving through the world with a sense of who you are and what you want...
14 June 2021 - by Rachel Siden 
The first trial over a California fertility clinic's cryogenic tank failure concluded by awarding $15 million to five plaintiffs...
14 June 2021 - by Tsvetana Stoilova 
A fertility patient received an invasive procedure meant for another woman in an NHS waiting room mix-up, a safety report has said...
to add a Comment.

By posting a comment you agree to abide by the BioNews terms and conditions

Syndicate this story - click here to enquire about using this story.