Georgia fertility clinic breach exposes sensitive patient info

Around 38,000 patients data at risk

Red computer screen with "RANSOM!" on it

A fertility clinic based in Georgia has admitted hackers stole data holding sensitive patient information during a ransomware attack.

In a statement to patients, Reproductive Biology Associates, LLC, (RBA) said the breach affected about 38,000 patients. The clinic said it became aware of a potential data incident in mid-April when it discovered a file server holding embryology data was encrypted and inaccessible.

“We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day,” the statement read.

Further investigations found that hackers accessed its systems on April 7 and then a server containing protected health information on April 10. On June 7, the organization determined whose personal information was affected.

While the organization did not say if it paid a ransom, it said in the notification that it was communicating with the hackers, it managed to regain access to files. and confirmed with whoever accessed its systems that all exposed data was deleted and is no longer in its possession. 

During the investigation, the organization determined the data stolen in the ransomware attack included patients’ full names, addresses, Social Security numbers, laboratory results, and information relating to the handling of human tissue.

The RBA has engaged with a professional IT services firm to conduct interviews and analyze forensic data related to the incident. It is also offering affected individuals free identity monitoring services. 

Jamie Akhtar, CEO and co-founder of CyberSmart, told ITPro there is a growing trend with ransomware attacks to not solely encrypt data but also steal it and threaten to release it if the victim doesn’t pay the ransom. This double-extortion attack places further pressure on the victim to pay up. 

“In this case, it seems RBA has paid the ransom and received confirmation from the cybercriminals that all exposed data has been deleted. However, we cannot take their word for it. RBA has done well to set up monitoring measures to detect any misuse of exposed data, but customers should also remain vigilant, particularly to spear-phishing attacks which can open a new, fresh pipeline of cybercrime for the involved parties,” he said.

Javvad Malik, a security awareness advocate at KnowBe4, told ITPro it's essential that all organizations take the threat of cyber attacks seriously and put in place layers of security to help protect, detect, and respond to any threats in a timely manner. These should be a mix of technical, procedural, and human controls to maximize the chances of preventing an incident. 

“Organizations such as fertility clinics may consider themselves as lower risk than, say, hospitals, but the truth is that they have just as much sensitive personal information that is of value to criminals and can disrupt daily operations,” Malik said.

“Once data has been accessed by criminals, even if an organization can restore from backup or pay a ransom, there is no limitation of what the criminals can do with the stolen data. This can include selling the data on to other criminals or using the data themselves to attack unsuspecting victims."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

McAfee’s zero trust solution strengthens private applications’ security
cyber security

McAfee’s zero trust solution strengthens private applications’ security

3 Aug 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

3 Aug 2021
86% of organizations expect a cyber attack in the next 12 months
cyber attacks

86% of organizations expect a cyber attack in the next 12 months

3 Aug 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021
Preparing for AI-enabled cyber attacks
Whitepaper

Preparing for AI-enabled cyber attacks

22 Jul 2021