Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Fertility Clinic Announces Data Breach That Exposed Patient Information

A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack. Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and stores them for later use by recipients, including those using the MyEggBank service. MyEggBank works with multiple fertility centers around the USA, including RBA, to recruit egg donors and create an egg bank where potential recipients can search for a matching egg donor. In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when “a file server containing embryology data was encrypted and therefore inaccessible.” However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th. While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data. “In the course of our ongoing investigation of the incident, on June 7, 2021, we determined the individuals whose personal information was affected,” says the RBA data breach notification. Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession. ” Reproductive Biology Associates’ investigation has determined that the data stolen during the ransomware attack contained the following information for approximately 38,000 patients: Full Name, Address, Social Security Number, Laboratory Results, and Information relating to the handling of human tissue.

Analyst Notes

While ransomware gangs promise to delete data they stole during an attack if a ransom is paid, there is no way to know if they keep their promise. Some evidence shows that ransomware gangs do not delete stolen data and may use it against victims again in the future. Companies that store sensitive data identifying patients or clients should consider encrypting data at rest, limiting the number of records that can be retrieved at once, and alerting on unusual patterns of data access that don’t fit the normal patterns of use by employees. All affected patients should be on the lookout for suspicious emails or SMS texts regarding the fertility clinic, egg donor information, or other related information. Patients should also monitor their credit report for fraudulent activity and consider a credit freeze due to the exposure of their social security number.

 

Source Article: https://www.bleepingcomputer.com/news/security/fertility-clinic-discloses-data-breach-exposing-patient-info/