A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack.
Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and stores them for later use by recipients, including those using the MyEggBank service.
MyEggBank works with a number of fertility centers across the USA, including RBA, to recruit egg donors and create an egg bank where potential recipients can search for a matching egg donor.
Ransomware gang accessed embryology data
In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they had been hit by a ransomware attack on April 16th, 2021, when “a file server containing embryology data was encrypted and subsequently inaccessible.”
However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th.
When ransomware attacks occur, threat actors usually breach a particular system on the network and spend a few days to a week quietly spreading throughout the network while stealing files and deleting backups.
While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data.
“In the course of our ongoing investigation of the incident, on June 7, 2021 we determined the individuals whose personal information was affected,” says the RBA data breach notification.
“Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is not in its possession.”
Reproductive Biology Associates’ investigation has determined that the data stolen during the ransomware attack contained the following information for about 38,000 patients:
- Full Name
- Address
- Social Security Number
- Laboratory Results
- Information relating to the handling of human tissue
As part of their ongoing investigation, RBA has hired an IT services firm to help determine how the attack was conducted, what data was accessed, and to secure their network and devices.
RBA is also offering affected patients free identity theft monitoring services and is advising affected patients to monitor their credit reports.
What should affected patients do?
While ransomware gangs promise to delete data they steal during an attack if a ransom is paid, there is no way to know if they keep their promise.
Some evidence shows that ransomware gangs do not delete stolen data and may use it against victims again in the future.
Due to this, all affected patients should be on the lookout for unusual emails or SMS texts regarding the fertility clinic, egg donor information, or other related information.
Patients should also monitor their credit report for fraudulent activity due to the exposure of their Social Security number.