A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack.
Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and stores them for later use by recipients, including those using the MyEggBank service.
MyEggBank works with multiple fertility centers around the USA, including RBA, to recruit egg donors and create an egg bank where potential recipients can search for a matching egg donor.
Ransomware gang accessed embryology data
In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when “a file server containing embryology data was encrypted and therefore inaccessible.”
However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th.
When ransomware attacks occur, threat actors usually breach a particular system on the network and spend a few days to a week quietly spreading throughout the network while stealing files and deleting backups.
While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data.
“In the course of our ongoing investigation of the incident, on June 7, 2021 we determined the individuals whose personal information was affected,” says the RBA data breach notification.
“Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession. “
Reproductive Biology Associates’ investigation has determined that the data stolen during the ransomware attack contained the following information for approximately 38,000 patients:
- Full Name
- Address
- Social Security Number
- Laboratory Results
- Information relating to the handling of human tissue
As part of their ongoing investigation, RBA has hired an IT services firm to help determine how the attack was conducted, what data was accessed, and to secure their network and devices.
RBA is also offering affected patients free identity theft monitoring services and is advising affected patients to monitor their credit reports.
What should affected patients do?
While ransomware gangs promise to delete data they steal during an attack if a ransom is paid, there is no way to know if they keep their promise.
Some evidence shows that ransomware gangs do not delete stolen data and may use it against victims again in the future.
Due to this, all affected patients should be on the lookout for strange emails or SMS texts regarding the fertility clinic, egg donor information, or other related information.
Patients should also monitor their credit report for fraudulent activity due to the exposure of their social security number.
