GA Fertility Clinic Suffers Ransomware Attack, Patient Info Leaked

Reproductive Biology Associates (RBA) and its affiliate My Egg Bank North America revealed that its systems fell victim to a ransomware attack back in April, reported ZDNet. The attackers were able to obtain the personally identifiable information (PII) of around 40,000 patients.

On April 7, unknown assailants were able to gain unauthorized access to the company’s file server, then encrypted its data on April 16. The threat actors were able to obtain names, addresses, Social Security Numbers, lab results, and clinical information. Particularly, they gathered data about the handling of human tissue.

RBA and My Egg Bank North America general counsel Matthew Maruca informed affected patients about the incident through a letter.

GA Fertility Clinic Suffers Ransomware Attack

As per Threat Post, the notice explained the scope of the attack, saying, “We discovered that a file server containing embryology data was encrypted and therefore inaccessible. We quickly determined that this was a result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day.”

Maruca noted that the company immediately started a review which finished on June 7. According to the investigation, the data of almost 38,000 patients had been accessed and stolen during the weeks the hackers exploited vulnerabilities in the server.

Maruca confirmed that the company was able to take back the data and all of the information is no longer with the hackers. The RBA also verified that its data is no longer on the Dark Web. He did not say whether the ransom was paid.

He explained, “In an abundance of caution, we conducted supplemental web searches for the potential presence of the exposed information, and at this time are not aware of any resultant exposure. We are continuing to conduct appropriate monitoring to detect and respond to any misuse or misappropriation of the potentially exposed data.”

It is important to note that a lot of security researchers warn that ransomware groups tend to keep and upload stolen data even after receiving payments from victims.

Security awareness advocate at KnowBe4 Javvad Malik warned that fertility clinics gather a lot of information about patients, just like hospitals which are known to be bigger targets of cyber attackers.

Malik also noted that once such data has been obtained by criminals, there is no telling what they can do to such data behind the scenes even after the ransom has been paid.