US Fertility Data Breach: Patient Information Stolen in Ransomware Attack

U.S. Fertility, a substantial network of fertility clinics operating throughout the United States, has acknowledged experiencing a ransomware incident resulting in the compromise of certain data.

The organization was established in May through a collaboration between Shady Grove Fertility, a fertility clinic operating numerous sites along the U.S. East Coast, and Amulet Capital Partners, a private equity firm with significant investments in the healthcare industry. Through this joint venture, U.S. Fertility currently manages 55 facilities nationwide, including those in California.

According to a statement released by U.S. Fertility, the attackers obtained a restricted set of files during the period they had access to the company’s systems, culminating in the ransomware being deployed on September 14th. This tactic of extracting data prior to encryption is typical of data-stealing ransomware operations, where perpetrators threaten to release stolen information if ransom demands are not met.

U.S. Fertility reported that the compromised data included some personally identifiable information, such as names and addresses. Additionally, a portion of patients had their Social Security numbers exposed. The company also cautioned that the incident potentially involved protected health information, which, according to U.S. regulations, encompasses details regarding an individual’s health status or medical history, including lab results and medical records.

When contacted for comment, a spokesperson for Amulet, Melissa Sheer, did not offer further information or respond to inquiries.

U.S. Fertility did not specify the reason for the delay of over two months in making the attack public, but stated in its notification that the disclosure was not postponed at the direction of law enforcement agencies.

This incident represents the most recent in a series of attacks targeting the healthcare industry. In September, Universal Health Services, one of the largest hospital systems in the U.S., was impacted by the Ryuk ransomware, leading to temporary closures and patient diversions in some emergency departments. Several other fertility clinics have also been victims of ransomware attacks in recent months.

Read more:

• Healthcare giant UHS hit by ransomware attack, sources say.
• As ransomware gets craftier, companies must start thinking creatively.
• Extra Crunch: Decrypted: The major ransomware attack you probably didn’t hear about.
• The sinkhole that saved the internet.