[BreachExchange] US Fertility says patient data was stolen in a ransomware attack

Destry Winant destry at riskbasedsecurity.com
Tue Dec 1 10:33:50 EST 2020 

https://techcrunch.com/2020/11/26/us-fertility-ransomware-attack/

U.S. Fertility, one of the largest networks of fertility clinics in
the United States, has confirmed it was hit by a ransomware attack and
that data was taken.

The company was formed in May as a partnership between Shady Grove
Fertility, a fertility clinic with dozens of locations across the U.S.
East Coast, and Amulet Capital Partners, a private equity firm that
invests largely in the healthcare space. As a joint venture, U.S.
Fertility now claims 55 locations across the U.S., including
California.

In a statement, U.S. Fertility said that the hackers “acquired a
limited number of files” during the month that they were in its
systems, until the ransomware was triggered on September 14. That’s a
common technique of data-stealing ransomware, which steals data before
encrypting the victim’s network for ransom. Some ransomware groups
publish the stolen files on their websites if their ransom demand
isn’t paid.

U.S. Fertility said some personal information, like names and
addresses, were taken in the attack. Some patients also had their
Social Security numbers taken. But the company warned that the attack
may have involved protected health information. Under U.S. law, that
can include information about a person’s health or medical conditions,
like test results and medical records.

When reached, Amulet spokesperson Melissa Sheer declined to comment
further or answer any of our questions.

U.S. Fertility didn’t say why it took more than two months to publicly
disclose the attack, but said in the notice that its disclosure was
not delayed at the request of law enforcement.

This is the latest attack targeting the healthcare sector. In
September, one of the largest hospital systems in the U.S., Universal
Health Services, was hit by the Ryuk ransomware, forcing some affected
emergency rooms to close and to turn patients away. Several other
fertility clinics have been attacked by ransomware in recent months.

More information about the BreachExchange mailing list