Threat Watch

Ransomware Hits Largest U.S. Fertility Clinic

US Fertility (USF), America’s largest fertility center, states that it suffered a ransomware attack in September of this year. USF is composed of 55 locations across 10 states and employs more than 80 physicians. In an official statement, USF said: “On September 14, 2020, USF experienced an IT security event [..] that involved the inaccessibility of certain computer systems on our network as a result of a malware infection, through our immediate investigation and response, we determined that data on several servers and workstations connected to our domain had been encrypted by ransomware.” Immediately after detecting the attack, USF retained third-party experts to investigate the incident and notified the appropriate law enforcement agencies. USF also took down the affected servers and workstations after the attack was discovered. The information impacted in the attack includes names, addresses, dates of birth, MPI numbers, and social security numbers of patients. The company also states that it has no evidence of actual misuse of individuals’ information.

ANALYST NOTES

USF has established a dedicated call center for affected individuals that can be reached at 855-914-4699. Any former patient who believes that they may have been affected by this attack should monitor their financial records and, if any suspicious activity is found, contact their banking institution to correct the issue.

IT professionals who manage technology for medical service providers, whether large or small, should be aware that cybercriminals actively target their systems. It is important to segment networks so that a breach on an employee workstation cannot be used to directly access the database servers containing patient data. It is also a best practice to monitor the normal, authorized usage patterns of employees accessing patient data through the established employee interfaces and to alert whenever an unusual pattern occurs, for example, one employee account quickly accessing all patient records.

In the USF incident, it appears that only a limited number of patients were affected, even though the attackers had access to the network for almost a month. This indicates that USF may have implemented controls that limited access to patient records and reduced the overall negative impact. Organizations should also adopt a strategy of defense in depth, with 24/7 monitoring of workstations, servers and other devices inside the corporate network, to discover and quickly stop intrusions that make it past the outer layers of security controls. If intruders have only minutes instead of weeks of access to a network, the damage from attacks can be significantly reduced.
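
The access-pattern alert recommended above, as an added example that is not part of the original article and does not describe USF's own tooling: a sliding-window check that flags an account reading more than a threshold of distinct patient records within a few minutes. The log format, account names, window and threshold are assumptions chosen for illustration, and the sample data is constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def parse_line(line):
    """Parse 'ISO-timestamp account patient_id' (a hypothetical log format)."""
    ts, account, patient_id = line.split()
    return datetime.fromisoformat(ts), account, patient_id

def detect_bulk_access(lines, window=timedelta(minutes=5), max_distinct=20):
    """Alert when one account reads more than max_distinct different patient
    records inside a sliding time window. Returns (account, time, count)."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)        # account -> (ts, patient_id) in window
    in_window = defaultdict(Counter)   # account -> patient_id -> reads in window
    alerted, alerts = set(), []
    for ts, account, patient_id in events:
        q, seen = recent[account], in_window[account]
        q.append((ts, patient_id))
        seen[patient_id] += 1
        # Evict reads that have aged out of the window.
        while ts - q[0][0] > window:
            _, old_id = q.popleft()
            seen[old_id] -= 1
            if seen[old_id] == 0:
                del seen[old_id]
        if len(seen) > max_distinct and account not in alerted:
            alerted.add(account)       # one alert per account, at first crossing
            alerts.append((account, ts, len(seen)))
    return alerts

def constructed_sample():
    """Constructed data: two normal usage patterns and one record sweep."""
    start = datetime(2024, 1, 15, 9, 0, 0)
    lines = []
    for i in range(30):   # nurse.a: 30 different records, one every 10 minutes
        t = start + timedelta(minutes=10 * i)
        lines.append(f"{t.isoformat()} nurse.a P{1000 + i}")
    for i in range(40):   # frontdesk.b: 40 different records, one every 2 seconds
        t = start + timedelta(hours=1, seconds=2 * i)
        lines.append(f"{t.isoformat()} frontdesk.b P{2000 + i}")
    for i in range(60):   # billing.c: many reads, but only 3 distinct records
        t = start + timedelta(hours=2, seconds=i)
        lines.append(f"{t.isoformat()} billing.c P{3000 + i % 3}")
    return lines

if __name__ == "__main__":
    for account, ts, count in detect_bulk_access(constructed_sample()):
        print(f"ALERT {account} read {count} distinct patient records by {ts}")
```

Counting distinct records rather than raw reads keeps an account that repeatedly reopens the same few charts from triggering the alert; the threshold should be tuned against each role's observed baseline.
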
Source Article: https://www.bleepingcomputer.com/news/security/ransomware-hits-largest-us-fertility-network-patient-data-stolen/