US Fertility, the largest network of fertility centers in the U.S., revealed that a ransomware attack hit its systems in September 2020.
The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics with 130,000 babies have been born.
“On September 14, 2020, USF experienced an IT security event [..] that involved the inaccessibility of certain computer systems on our network as a result of a malware infection,” reads the Notice of Data Security Incident provided by the company.
“Through our immediate investigation and response, we determined that data on a number of servers and workstations connected to our domain had been encrypted by ransomware.”
The company immediately launched an investigation into the incident with the help of third-party forensic experts and notified the law enforcement agencies.
Once identified the impacted systems, the US Fertility took down them and completed the recovery operations on September 20.
Unfortunately, the investigation revealed that threat actors were able to steal a limited number of files containing various types of information for each impacted individual including names, addresses, dates of birth, MPI numbers, and for some individuals Social Security numbers.
The company confirmed that has been working with a specialized team of third-party data auditors to accurately identify the impacted individuals.
“The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access, which occurred between August 12, 2020, and September 14, 2020, when the ransomware was executed,” continues the breach notification.
USF has established a dedicated call center (855-914-4699) to provide information and support to its customers.
“We take this incident very seriously and are committed to protecting the security and confidentiality of health information we gather in providing services to individuals,” said Mark Segal, Chief Executive Officer of USF.
(SecurityAffairs – hacking, data breach)