Fertility Patients' Sensitive Personal Information Stolen During Ransomware Attack

Graham CLULEY

November 27, 2020

  • US Fertility network took two months to go public about attack.
  • Health information of patients may be at risk.

Fertility clinics across the United States have been struck by a ransomware attack that has not only encrypted networks, but also stolen patients’ sensitive personal and medical information.

US Fertility, a network of fertility clinics which boasts 55 locations across the United States, has revealed that it became aware ransomware had infected its network on September 14 2020, encrypting data on servers and workstations.

The company says that third-party experts were able to help it restore its systems six days later, but that a subsequent investigation has determined that a “limited number of files” had been accessed by an unknown hacker between August 12 2020, and the activation of the ransomware on September 14.

Such tactics are not unusual in modern ransomware attacks, where criminal gangs increase pressure on their victims by not only locking them out of their organisation’s computer systems by encrypting data, but also stealing sensitive files with the threat of publishing them online or selling them on to others.

The company warned that the security breach might “affect the security of certain individuals’ protected health information.”

According to US Fertility, the types of data accessed by the attackers included patients’ names, addresses, phone numbers, email addresses, dates of birth, medical record numbers (MPI), and – in some cases – social security numbers.

The infertility clinics affected by the attack are listed in US Fertility’s press release.

US Fertility CEO Mark Segal apologised for the security breach occurring, and said that the firm was committed to safeguarding the privacy and security of information patients entrusted to it:

“We take this incident very seriously and are committed to protecting the security and confidentiality of health information we gather in providing services to individuals.”

The firm has set up a dedicated call center for patients who have questions or concerns.

One question I would have is just why it has taken over two months for the business to share its news about a security breach. The arrival of the bad news does seem somewhat conveniently timed, coming as it does just as most Americans are enjoying the Thanksgiving holiday.

It may not be the case that US Fertility deliberately held back public disclosure until now in order to try to minimise publicity around the successful attack on their computer systems, but it certainly looks that way.

No doubt US Fertility would say that it was waiting until it completed its investigation, wanting to know the extent of the problem, and just how many patients may have been impacted (although, tellingly, they have chosen not to share that figure).

I have some sympathy for companies wanting to know all the facts before they share them with the world, but I lean much more towards telling potentially affected individuals that there might be a problem, and to be on their guard against possible attacks exploiting potentially stolen data.
