A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack. Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and stores them for later use by recipients, including those using the MyEggBank service. MyEggBank works with multiple fertility centers around the USA, including RBA, to recruit egg donors and create an egg bank where potential recipients can search for a matching egg donor. In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when “a file server containing embryology data was encrypted and therefore inaccessible.” However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th. While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data. “In the course of our ongoing investigation of the incident, on June 7, 2021, we determined the individuals whose personal information was affected,” says the RBA data breach notification. Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession. ” Reproductive Biology Associates’ investigation has determined that the data stolen during the ransomware attack contained the following information for approximately 38,000 patients: Full Name, Address, Social Security Number, Laboratory Results, and Information relating to the handling of human tissue.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in