Georgia-based fertility clinic Reproductive Biology Associates is one of the latest victims of the recent rash of ransomware attacks plaguing our country. Data from an estimated 38,000 victims were compromised as a result of this breach.
Reproductive Biology Associates staff first became aware of a problem on April 16, 2021, when they found a server containing embryology data to be encrypted and inaccessible. The company’s IT team took immediate action to prevent the damage by shutting down the affected server. Even so, they estimated that the attackers had had access to protected health information for six days before they were detected.
The compromised data included sensitive details, including names, addresses, Social Security numbers, lab test results, and information relating to the handling of human tissue. Although company officials did not divulge whether they had paid the ransom requested by the attackers, they announced that they had once again been given access to the encrypted files and were assured that the hackers no longer possessed the data.
Patients were offered free identity theft monitoring and urged to oversee their credit reports in response to this ransomware incident. Despite these efforts, victims may continue to be vulnerable if the criminals did not delete the data as they claimed to have done or if they sold it to other unscrupulous entities.
Doing all you can to prevent ransomware attacks is far more effective than dealing with their devastating consequences after they occur. To that end, make sure that your networks, devices, and software are up-to-date. Make it a priority to conduct frequent backups, and install security patches on your browsers and operating systems. The bottom line is to design, implement and maintain robust security protocols and practices.