DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Reproductive Biology Associates and My Egg Bank notify 38,538 patients of ransomware incident

Posted on June 17, 2021 by Dissent

Reproductive Biology Associates and its affiliate My Egg Bank North America issued a breach notification involving a ransomware incident that impacted the Atlanta entities.

According to the notification submitted to Maine’s Attorney General’s Office and similar statements posted on their web sites, the entities
first became aware of a potential data incident on April 16, 2021 when they discovered that a file server containing embryology data was encrypted and therefore inaccessible. They report that they quickly determined that this was a ransomware attack and they shut down the affected server, thus terminating the actor’s access, within the same business day.

Based on their investigation, they believe the threat actor gained access to the system on April 7 and gained access to the server with ePHI on April 10. On June 7, they determined which individuals had been impacted.

The entities do not forthrightly state that they then paid the threat actor’s ransom demand, but that seems to be a justifiable inference given that their next statement was that access to the encrypted files was regained and

We obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession.

While it is not totally impossible that threat actors might voluntarily just delete data, it is highly unlikely and much more likely that these entities paid ransom.

Despite having paid ransom, the entities took other measures to protect patient data: they conducted web searches to see if the data showed up anywhere and note that they are continuing to monitor for that. They do not indicate whether they searched dark web forums as well, but that would be a reasonable approach to include. They have also offered affected individuals credit monitoring services.

For those patients whose data had been accessed or exfiltrated, the data types included name, address, Social Security Number, laboratory results, date of birth, and information relating to the handling of human tissue.

In response to the breach, the entities have taken other steps. They write:

As a result of this incident, we have initiated an investigation through a leading professional IT services firm to conduct interviews and analyze forensic data related to the incident. Specifically, we have deployed device tracking and monitoring to help contain and investigate the scope of the incident, as well as performed forensic analyses to understand the scope of the incident.

We have also applied additional internal controls and have provided additional cybersecurity training to our staff to prevent this type of incident from occurring in the future. These controls include working with a cybersecurity service provider to remediate actions taken by the actor and restore our systems, updating, patching, and in some cases replacing infrastructure to the latest versions, deploying password resets to appropriate users, rebuilding impacted systems, and deploying advanced antivirus and malware protection.

According to their notification to Maine, 38,538 patients were being notified this week.

Related posts:

  • The Ransomware Superhero of Normal, Illinois
Category: Breach IncidentsHealth DataMalwareU.S.

Post navigation

← Lightfoot, Franklin & White notifies clients of ransomware incident
Cruise Operator Carnival Discloses Personal Data Breach, Shares Down →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.