Ransomware Attack with Data Theft on US Fertility

A ransomware attack on US Fertility (USF) on September 14, 2020 impacted parts of its computer networks, including systems where sensitive protected health information (PHI) is located. US Fertility is the biggest network of fertility centers in the United States, operating 55 clinics in 10 states. About 50 percent of its clinics have been identified as impacted by the attack.

US Fertility reacted promptly to the attack and confirmed the encryption of data on several of its servers and workstations linked to its website. Those systems were taken off the internet right away while the attack was investigated. Third-party security and computer forensic professionals came in to help investigate the incident and retrieve data on the impacted workstations and servers. According to USF, it was able to fix all impacted devices and reconnected them to the system on September 20, 2020. USF has reported the attack to federal law enforcement and is helping with the continuing investigation.

After the completion of the forensic investigation, USF confirmed that the attackers stole data. The attackers first acquired access to the network on August 12, 2020, and continued to access it possibly until September 14, 2020, when USF discovered the attack. A review of the system to identify all the files the attackers had access to was concluded on November 13.

USF stated that the unidentified threat actors potentially accessed files that contain names, addresses, birth dates, Social Security numbers and MPI numbers. The types of information compromised differed from one person to another. For the majority of patients, Social Security numbers were not exposed.

Although USF confirmed that there was data theft, no report of PHI misuse has been received. Nevertheless, USF notified the affected persons to keep an eye on their accounts and submit a report if they suspect any misuse of protected health information.

USF has already taken the following steps to strengthen security after the ransomware attack:

  • strengthened its firewall
  • improved tracking of networking activities
  • provided additional training to employees regarding computer security, data safety, and identifying phishing emails