[BreachExchange] Quest-owned fertility clinic announces data breach after August ransomware attack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Oct 12 09:56:43 EDT 2021


https://www.zdnet.com/article/quest-owned-fertility-clinic-announces-data-breach-after-august-ransomware-attack/

Quest Diagnostics has informed the SEC about a ransomware attack in August
that hit ReproSource, a fertility clinic owned by the company.

The ransomware attack led to a data breach, exposing a significant amount
of health and financial information for about 350,000 ReproSource patients.

In a statement to ZDNet, Quest said ReproSource provided notice that it
experienced a data security incident in which an unauthorized party may
have accessed or acquired the protected health information and personally
identifiable information of some patients.

"On August 8, 2021, an unauthorized party accessed the ReproSource network.
ReproSource discovered ransomware on the morning of August 10, and in less
than an hour severed all network connection activity and contained the
incident," a company spokesperson explained.

"ReproSource immediately launched a comprehensive investigation to
determine the cause and scope of the incident. ReproSource retained leading
cybersecurity experts to assist with our investigation, confirmed
containment of the ransomware, and quickly and securely recovered
operations. Additionally, ReproSource promptly notified law enforcement."

Quest added that ReproSource began sending out breach notification letters
to victims on September 24.

The letters tell victims that the personal information leaked during the
ransomware attack includes names, addresses, phone numbers, email
addresses, dates of birth and billing information.

A trove of health information was also leaked during the attack, including
CPT codes, diagnosis codes, test requisitions and results, test reports
and/or medical history information, health insurance or group plan
identification names and numbers and other information provided by
individuals or by treating physicians.

The company admitted that an undisclosed number of people also had driver's
license numbers, passport numbers, Social Security numbers, financial
account numbers, and/or credit card numbers leaked in the attack.

News of the breach came to light after a regulatory filing by Quest, which
said the larger company was not affected by the incident at ReproSource but
confirmed that it was a ransomware attack. Quest noted that it has
cybersecurity insurance and does not believe it will have a severe effect
on the company's finances as other ransomware attacks have.

ReproSource is providing victims with free credit and identity monitoring
services from Kroll but did not say how long these services would last.

ReproSource is the second fertility clinic this year to send out breach
notifications after a ransomware attack.

Georgia-based Reproductive Biology Associates, and its affiliate My Egg
Bank North America, notified about 38,000 patients that cybercriminals had
accessed their medical information and other data like Social Security
numbers during a ransomware attack in April.

Healthcare facilities continue to face the brunt of ransomware attacks
worldwide, specifically because of the sensitive data they are forced to
collect on patients, employees and visitors.

Hundreds have been attacked this year, and the problem has shown no signs
of slowing down.

"Like with other critical infrastructure, healthcare systems face unique
vulnerability from ransomware attacks because the exposed data affects not
only patients' privacy, but also their choices about medical treatment.
Fertility treatments are a perfect example of this, as they can require up
to tens of thousands of dollars in investments from prospective parents,
making this sector a perfect target for bad actors looking for a profit,"
said Tim Eades, CEO at cybersecurity company vArmour.

"It's a reality that ransomware will continue to target fertility clinics
and other health systems for their valuable data."