US Fertility targeted in ransomware attack, patient data stolen
US Fertility, which is one of the largest fertility clinic networks in the US, has revealed that it was hit by a ransomware attack in which the names, addresses, and in few cases Social Security numbers and private health data of patients were taken.
US Fertility stated, “The hackers acquired some files during the month that they were in its systems until the ransomware was triggered on September 14.”
A common method of data-stealing ransomware is that it steals data before encrypting the victim’s network for ransom.
US Fertility said in a statement, “The forensic investigation is now settled.” The company confirmed, “The unauthorized actor acquired a limited number of files during the period of unauthorized access which occurred from August 12 to September 14, when ransomware was executed.”
US Fertility said that some personal information, like names and addresses, were taken in the attack. Some patients also had their Social Security numbers taken by ransomware. But the company warned that the attack may have involved protected health information, under the US law, that can include information about a person’s health or medical conditions, like test results and medical records.
US Fertility did not reveal the fact that why it took more than two months to disclose the attack publicly. However, the company said in the notice that its disclosure was not delayed.
The company was created in May as a partnership between – Amulet Capital Partners, an equity firm that invests in healthcare space, and Shady Grove Fertility, a fertility clinic with dozens of locations across the US east coast. US Fertility now claims about 55 locations across the US, including California.
Some of the ransomware operators had said earlier this year that they would not attack health organizations and hospitals during the COVID-19 pandemic.
A ransomware spokesperson did not immediately respond to a media request for comment about the incident.
Even though this is the latest attack targeting the healthcare sector there was another one before this. In September also, one of the largest hospital systems in the US, called Universal Health Services, was hit by the Ryuk ransomware. The attack forced some affected emergency rooms to close and turn patients away. In recent months many more fertility clinics have been attacked by ransomware.