Nationwide fertility clinic says hackers may have stolen sensitive information on patients

Graig Graziosi
·2 min read
<p>US Fertility, which has 55 clinics across the US, said it was hacked and patient information - including private health data and Social Security numbers - was stolen</p> (REUTERS)

US Fertility, which has 55 clinics across the US, said it was hacked and patient information - including private health data and Social Security numbers - was stolen

(REUTERS)

US Fertility, which has 55 clinics across the country, reported that it was victim of a ransomware attack and that the names, addresses and in some cases the private health information and Social Security numbers of patients may have been stolen.

The company issued a statement saying hackers "acquired a limited number of files" in a ransomware attack on 14 September that was fixed six days later.

The company did not say how many patients were affected by the attack. It is unclear why the company waited two months to reveal it was attacked.

"The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access which occurred between August 12 and September 14, when the ransomware was executed," the company said in a statement.

In a ransomware attack, hackers will steal data before locking the victims out of their networks. The hackers then demand a payment of some kind before they will restore the systems. If the ransom is not paid, then the hackers will frequently threaten to publish the data they have stolen.

The company said the attack may have included private health data that could contain patient's medical histories, test results or medical records.

In response to the attack, the company said it has strengthened its firewall and has notified those whose data was at risk.

"We sincerely apologize that this incident occurred and remain committed to safeguarding the privacy and security of the information entrusted to us," the company said in a statement. "We have no evidence of actual misuse of any individual’s information as a result of this incident."

Mark Segal, the Chief Executive Officer of USF, said the company took the breach seriously and was "committed to protecting the security and confidentiality of health information we gather in providing services to individuals."

The company has locations in New York City, Florida, Georgia, Pennsylvania, Illinois, Alabama, Nevada, Missouri, California, North Carolina, Washington and Virginia.

Read More

Florida: Voter registration system crash wasn't cyberattack

Cyberattack hobbles major US/UK hospital chain

Ticketmaster fined £1.25m for 2018 cyberattack

Google Chrome extensions stole browsing data in widest campaign ever

Cryptocurrency mining bot spreading through Facebook Messenger