Georgia-based fertility clinic in the US has reported a data breach that resulted from a ransomware attack. The stolen files contained sensitive patient information.
Reproductive Biology Associates, LLC is a fertility clinic that specializes in recruiting and storing eggs and offers them to clients, including those using the MyEggBank service. MyEggBank works with fertility centers across the US, recruits egg donors to create an egg bank.
In a data breach notification issued by both RBA and its affiliate MyEggBank, the companies reported that they first found out about the ransomware attack on April 16th, 2021. They believe that the attackers gained access to their systems on April 7th and accessed a server that contained health information on April 10th. The clinic also stated that their server was encrypted when they were attacked and the customer information stolen.
The RBA has immediately hired an IT services firm to assist in their investigation into the attack.
The attackers with ransomware usually spend a few days to a week of silently spreading throughout the network. They then steal files and wipe the system’s backups.
According to the data breach notification, the bank paid a ransom to secure a decryption tool and prevent the release of stolen data.
“In the course of our ongoing investigation of the incident, on June 7, 2021 we determined the individuals whose personal information was affected,” says the RBA data breach notification. “Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession.”
The data stolen from Reproductive Biology Associates included the following information for over 38,000 patients: Full Name, Address, Social Security Number, Laboratory Results, and Information relating to the handling of human tissue.
RBA is also providing affected patients with free identity theft monitoring and advising them to monitor their credit report.