[BreachExchange] Fertility Clinic Hit with Ransomware

[Terrell Byrd]

https://www.infosecurity-magazine.com/news/fertility-clinic-hit-with/

A fertility clinic based in New York City is notifying patients that their
personal data may have been compromised and possibly stolen during a recent
cyber-attack.

Extend Fertility, specializing in IVF and freezing eggs and embryos, was
hit with ransomware in December 2021. The clinic hired third-party digital
forensic specialists to determine the incident's nature and scope.

"On December 20 2021, we discovered a ransomware incident that impacted our
networks and servers which contained protected health and personal
information of some of our patients," said Extend Fertility in a data
breach notice.

"After discovering the incident, we quickly took steps to secure and safely
restore our systems and operations."

A month-long investigation into the attack found that cyber-criminals had
access to servers on which the protected health information (PHI) and
personal data of some of the clinic's patients was stored.

"The investigation determined that on or about December 15, 2021, an
unauthorized individual accessed our systems and likely obtained some
information," said Extend Fertility.

"We have undertaken an extensive analysis of our files to determine what
information was involved and to identify individuals whose data was
potentially impacted."

Information potentially compromised in the security incident includes first
and last name, gender, home address, phone number, email address, and date
of birth, medical history, diagnosis and treatment information, dates of
service, lab test results, prescription information, provider name, medical
account number and financial information.

The full extent of the attack has not yet been engaged as the data analysis
is ongoing. However, the clinic has begun informing individuals whose data
may have been viewed and/or obtained.

The clinic did not state how many patients were impacted by the incident.
Placing the cyber-attack in a broader context, Extend Fertility described
itself as "one of the many healthcare providers confronting the impacts of
the evolving cyber threat landscape."

The clinic is offering complimentary credit monitoring and identity
protection services to individuals impacted or involved in the incident.
Extend Fertility said that it had not discovered any evidence to suggest
that any patient information impacted by the attack has been used for
identity theft or financial fraud.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220218/817297ba/attachment.html>