Ransomware Hits Largest US Fertility Network, Patient Data Stolen

US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020.

The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics and more than 80 physicians.

In total, more than 130,000 babies have been born with the help of partner IVF/fertility practices in the USF network, including but not limited to Shady Grove Fertility, Reproductive Science Center San Francisco, IVF Florida, and Fertility Center of Illinois.

Systems down for over a week

“On September 14, 2020, USF experienced an IT security event [..] that involved the inaccessibility of certain computer systems on our network as a result of a malware infection,” USF said in an official statement.

“Through our immediate investigation and response, we determined that data on a number of servers and workstations connected to our domain had been encrypted by ransomware.”

Third-party forensic experts were retained by USF immediately after detecting the attack to help investigate the security incident.

USF took down the impacted servers and workstations after discovering the attack. USF was able to restore them with the help of third-party computer forensic specialists and reconnect them to the network on September 20.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

The fertility network also informed federal law enforcement authorities about the ransomware attack and continues to work with them throughout the incident investigation.

Protected health information stolen in the attack

“The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access, which occurred between August 12, 2020, and September 14, 2020, when the ransomware was executed,” USF’s breach notification details.

Following a review of all files accessed during the attack that concluded on November 13, USF determined that the files exfiltrated by the unknown ransomware group contained various types of information for each impacted individual including names, addresses, dates of birth, MPI numbers, and Social Security numbers.

“The types of information impacted vary by individual, and we determined that for many individuals, Social Security numbers were not impacted,” USF added.

“Please also note that we have no evidence of actual misuse of any individual’s information as a result of the Incident.”

USF has established a dedicated call center reachable via a toll-free assistance line at 855-914-4699, Monday through Friday from 9:00 am to 9:00 pm EST.

Last month, the U.S. government warned of ongoing Ryuk ransomware attacks against healthcare industry organizations including both hospitals and healthcare providers.

BleepingComputer has reached out to a US Fertility spokesperson for more details but had not heard back at the time of this publication.

Also Read: Letter of Consent MOM: Getting the Details Right