Fertility Clinic Patients Hit by Ransomware Egg

Ransomware attacks have hit a wide variety of industries and sectors over the past year, with the healthcare sector a prime target and cause for concern.

A Healthy Target

Considered among the chief repositories of personal and sensitive information that can be stolen in cybercrime attacks, every sector of the medical and healthcare field holds enough information to seriously jeopardise patients’ lives. 2021 has seen plenty in the field suffer data breaches, and fertility clinics are not safe either, with the revelation that tens of thousands of patient records at a US-based fertility clinic have been accessed and stolen.

Reproductive Biology Associates (RBA) is the founding partner of the US-wide fertility network My Egg Bank, as well as the first organization of its kind to offer IVF in the state of Georgia. On April 16, 2021, RBA revealed that it had become aware of a cyber incident in which a file server containing its clients’ embryology data had been encrypted.

Quick Action

RBA was quick to shut down the affected server, terminating the actor’s access on the same day it identified the incident as a ransomware attack. The investigation found that the actor had gained access to the system a week prior, on April 7, and then gained access to the server containing the protected health information on April 10.

Whilst the investigation was ongoing, the individuals whose information was affected were determined on April 7 and access to the encrypted files was regained. The actor then confirmed that all exposed data was deleted and no longer in their possession. The information contained in the breach included full names, addresses, Social Security numbers, lab results and ‘information relating to the handling of human tissue’ relating to 38,000 patients.

Not Trusting the Actor

To get a thorough reading on the level of potential damage, RBA conducted web searches to check for any sign of potentially stolen information being discussed or traded online. So far, no indication of this has been discovered.

However, a threat actor’s word that the information has been deleted can only be taken with a pinch of salt, given the extensive history of threat actors not keeping their word regarding stolen data.

Back in November 2020, a report detailed that affiliates were publishing stolen data even though they had received large ransoms for its safe return, as well as demanding further payments to prevent publication.
