The Georgia Fertility Clinic has informed approximately 38,000 patients that cybercriminals had access to other data, such as their medical information and social security numbers, during the April ransomware attack.
Matthew Maruca, an adviser to Reproductive Biology Associates and its affiliate MyEgg Bank North America, said that after an attacker accessed the company’s system from April 7, the file server containing embryological data was encrypted on April 16. I wrote in a letter.
According to Marca, the attackers stole names, addresses, SSNs, test results, and “information about the handling of human tissues.”
According to Marca, the company began the investigation in April and began the investigation until June 7, officially confirming that it had accessed and obtained patient data during the attack.
Maruca did not explicitly state that the ransom was paid, but the company could eventually regain access to the encrypted data, and the attacker said, “All published data has been deleted and owned. It is no longer done. “
“We have done a supplementary web search on the potential existence of publicly available information with great care, but at this time we are not aware of the resulting disclosure,” Maruca said. I will. “We continue to monitor appropriately to detect and respond to potentially misuse or misappropriation of publicly available data.”
The company said it provided free surveillance services to affected people and hired a cybersecurity company to protect the system.
Ransomware gangs often retain or post stolen information even after receiving payment, according to multiple investigations by cybersecurity companies. According to a November Coveware report, there are many cases where victims pay their attackers but publish their data online.
KnowBe4’s security conscious advocate, Javvad Malik, said that when a criminal accesses data, the criminal can only restore the stolen data from a backup or pay a ransom. I told ZDNet.
“This could include selling the data to other criminals or using the data itself to attack unprotected victims,” Malik said.
“Organizations such as fertility clinics may think they are less risky than hospitals and the like, but in reality they are of confidentiality that are valuable to criminals and can interfere with their day-to-day operations. There is a lot of expensive personal information. “
The incident ended a whirlwind week when multiple medical institutions notified patients of violations that leaked personal information to attackers and the Web. Minnesota Community Care, Cancer Center in Southwest Oklahoma, San Juan Community Health Center, Little Hill Foundation for Alcoholism Rehabilitation, St. Joseph Hospital in Savannah, Georgia, all violated or ransom that led to the disclosure of patient data in the past Weeks of reporting ware attacks.
Last week, U.S. President Joe Biden told Russian President Vladimir Putin to limit attacks on key industries such as healthcare and to pay for hospitals across the U.S. on a daily basis. Issued when asked to end protection.
Georgia Fertility Clinic Disclosures SSN and Medical Information Violations in Patients After Ransomware Attack
Source link Georgia Fertility Clinic Disclosures SSN and Medical Information Violations in Patients After Ransomware Attack