Georgia fertility clinic breach exposes sensitive patient info

Around 38,000 patients data at risk

Red computer screen with "RANSOM!" on it

A fertility clinic based in Georgia has admitted hackers stole data holding sensitive patient information during a ransomware attack.

In a statement to patients, Reproductive Biology Associates, LLC, (RBA) said the breach affected about 38,000 patients. The clinic said it became aware of a potential data incident in mid-April when it discovered a file server holding embryology data was encrypted and inaccessible.

“We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day,” the statement read.

Further investigations found that hackers accessed its systems on April 7 and then a server containing protected health information on April 10. On June 7, the organization determined whose personal information was affected.

While the organization did not say if it paid a ransom, it said in the notification that it was communicating with the hackers, it managed to regain access to files. and confirmed with whoever accessed its systems that all exposed data was deleted and is no longer in its possession. 

During the investigation, the organization determined the data stolen in the ransomware attack included patients’ full names, addresses, Social Security numbers, laboratory results, and information relating to the handling of human tissue.

The RBA has engaged with a professional IT services firm to conduct interviews and analyze forensic data related to the incident. It is also offering affected individuals free identity monitoring services. 

Jamie Akhtar, CEO and co-founder of CyberSmart, told ITPro there is a growing trend with ransomware attacks to not solely encrypt data but also steal it and threaten to release it if the victim doesn’t pay the ransom. This double-extortion attack places further pressure on the victim to pay up. 

“In this case, it seems RBA has paid the ransom and received confirmation from the cybercriminals that all exposed data has been deleted. However, we cannot take their word for it. RBA has done well to set up monitoring measures to detect any misuse of exposed data, but customers should also remain vigilant, particularly to spear-phishing attacks which can open a new, fresh pipeline of cybercrime for the involved parties,” he said.

Javvad Malik, a security awareness advocate at KnowBe4, told ITPro it's essential that all organizations take the threat of cyber attacks seriously and put in place layers of security to help protect, detect, and respond to any threats in a timely manner. These should be a mix of technical, procedural, and human controls to maximize the chances of preventing an incident. 

“Organizations such as fertility clinics may consider themselves as lower risk than, say, hospitals, but the truth is that they have just as much sensitive personal information that is of value to criminals and can disrupt daily operations,” Malik said.

“Once data has been accessed by criminals, even if an organization can restore from backup or pay a ransom, there is no limitation of what the criminals can do with the stolen data. This can include selling the data on to other criminals or using the data themselves to attack unsuspecting victims."

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022