A well-known pioneer in in-vitro fertilization (IVF), My Egg Bank North America, along with Reproductive Biology Associates (RBA) have disclosed a data breach as of Friday. The type of breach was determined to be a ransomware attack.
In general, a ransomware infection occurs when malware gets into your device and locks it. From there, a ransom note is posted demanding that you pay a ransom in order to decrypt your files and sensitive data. It’s possible to get ransomware through accidentally downloading an email attachment from a phishing email and unknowingly installing it onto your smartphone or computer.
Attackers were able to infiltrate the fertility clinic’s network early April and encrypt embryological data, rendering it inaccessible. Although the company shut down the affected server the day they became aware of the issue, sadly a plethora of personal data was stolen. This includes things like personal information such as full names, addresses, social security numbers (SSNs), lab results and information relating to how human tissue is handled.
Reproductive Biology Associates confirmed that the malicious actors had deleted the data they took, and no longer had access to it. They are continuing to monitor the incident. There’s currently no information on which form of ransomware was the driving force behind the attack, or whether RBA decided to pay the ransom.
While organizations like fertility clinics may not consider themselves high-risk for these types of cyber attacks, it’s important to note that cybercriminals are increasingly setting their sights on businesses that handle electronic protected health information, or ePHI. Once the data is accessed, there’s no going back– customer data can be sold on the dark web or criminals can use the information to attack unsuspecting users directly.
When it comes to dealing with health care information, it’s important for covered entities and even business associates to follow the HIPAA Security Rule to maintain HIPAA compliance standards. Healthcare information is some of the most sensitive data out there, and attackers are keenly aware of the best ways to gain access to it. If you’re not careful, you could be leaving your organization out in the open.
Cybersecurity isn’t just for the big organizations, it’s for the small ones too. It’s important to remember that any business can become compromised at any time, even with existing procedures in place. The goal is to mitigate risk and stay proactive in how you handle your personal security. Companies are gathering data on us all the time, and if they aren’t doing their due diligence, it’s easy to become a victim of identity theft. If you need help in beefing up your cyber awareness, check out our infographic below.
← Click on the image to learn some tips and tricks to increase your cybersecurity awareness