KARE reports:
A Twin Cities fertility clinic is warning clients about a data security incident that may have put personal information at risk.
CCRM Minneapolis, which is located in Edina, says the clinic’s servers were targeted by a ransomware attack on October 3, which triggered an investigation to determine if sensitive information had been put at risk. The hacker reportedly demanded a ransom.
The probe confirmed that an unknown, unauthorized third-party may have breached the clinic’s computer security and viewed or accessed patient information that was on the server.
Read more on KARE.
The text of the full notice on the center’s web site appears below:
CCRM Minneapolis, P.C. has become aware of a potential data security incident that may have resulted in the inadvertent exposure of some patients’ personal and health information. Although at this time there is no evidence that patients’ information was actually accessed or viewed, or any indication of actual misuse of anyone’s information, we have taken steps to notify any patients who may have been affected by this incident.
On October 3, 2017, we discovered that our servers had been impacted in a ransomware attack, which prompted an investigation to determine if sensitive information was at risk. The investigation determined that an unknown, unauthorized third-party may have gained access to our server and could have viewed or accessed patient information, including names, addresses, phone numbers, dates of birth, email addresses, Social Security numbers, driver’s licenses, insurance identification numbers and medical records.
Although there is no evidence that the unauthorized third party accessed any information and we are not aware of any misuse of patient information, we take the privacy and security of patient information very seriously, and have taken steps to prevent a similar event from occurring in the future. Notification letters mailed on December 1, 2017, include additional information about what happened and a toll-free number that patients can call to learn more about the incident. The call center is available Monday through Friday from 6:00AM and 5:00 PM Pacific, and can be reached at 1-800-939-4170.
The privacy and protection of patient information is a top priority for CCRM Minneapolis, P.C., which deeply regrets any inconvenience or concern this incident may cause.