US Fertility, which has 55 clinics across the country, targeted in ransomware attack with patients’ names, addresses, some Social Security numbers and health data stolen
- US Fertility announced in a statement that it was targeted in a ransomware attack on September 14 that stole patient data
- In the attack patients’ names, addresses, and in some cases health data and Social Security numbers were taken
- The company was formed in May as a partnership between Shady Grove Fertility and Amulet Capital Partners and the breach took place four months later
- US Fertility has 55 locations across the US and said it has contacted potentially impacted patients and has enacted new protective security measures
US Fertility, which is one of the most expansive fertility clinic networks in the US, has revealed it was hit by a ransomware attack and the names, addresses and in some cases private health data and Social Security numbers of patients were taken.
The company, which was formed in May and boasts 55 locations across the US, said in a statement that hackers ‘acquired a limited number of files’ in a ransomware attack on September 14 that was fixed six days later.
‘The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access which occurred between August 12 and September 14, when the ransomware was executed,’ US Fertility said in a statement.
A common technique of data-stealing ransomware is that it steals data before encrypting the victim’s network for ransom. Then some ransomware groups publish the stolen data on their websites if they are not paid the ransom, as per Tech Crunch.
US Fertility, which is one of the most expansive fertility clinic networks in the US, has revealed it was hit by a ransomware attack and the names, addresses and in some cases private health data and Social Security numbers of patients were taken. A view of the company’s Shady Grove Fertility in Atlanta that was impacted in the attack above
A view of the company’s Shady Grove Fertility in New York City that was impacted in the attack above
The company said that impacted files that were accessed included the names, addresses, dates of birth and Social Security numbers of some patients.
The company warned that the attack may have also involved protected health information, which can include information about a person’s health, medical conditions, tests results or medical records.
The company said that it has since fortified its firewall and has notified potentially impacted individuals.
US Fertility was formed in May as a partnership between Shady Grove Fertility, which has dozens of locations across the East Coast of the US and Amulet Capital Partners, a private equity firm that invests in the healthcare space.
It has locations in New York City, Florida, Georgia, Pennsylvania, Illinois, Alabama, Nevada, Missouri, California, North Carolina, Washington and Virginia.
It’s not clear why US Fertility took months to disclose the attack.
‘We have no evidence of actual misuse of any individual’s information as a result of this incident,’ the company said in a statement
‘We sincerely apologize that this incident occurred and remain committed to safeguarding the privacy and security of the information entrusted to us,’ the company said in a statement.
‘We have no evidence of actual misuse of any individual’s information as a result of this incident,’ company added.
‘We take this incident very seriously and are committed to protecting the security and confidentiality of health information we gather in providing services to individuals,’ Mark Segal, the Chief Executive Officer of USF, said on the breach.
In 2017 a Minnesota fertility clinic was also hit by a ransomware attack that may have exposed some patients’ personal information and health information.
The Colorado Center for Reproductive Medicine, which is based in Denver and has locations across the US, suffered a data security breach that only affected its Minneapolis clinic in Edina on October 3, 2018.