Nationwide fertility clinic says hackers may have stolen sensitive information on patients
Patient medical histories and Social Security numbers at risk in the attack, the company, US Fertility, said
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.US Fertility, which has 55 clinics across the country, reported that it was victim of a ransomware attack and that the names, addresses and in some cases the private health information and Social Security numbers of patients may have been stolen.
The company issued a statement saying hackers "acquired a limited number of files" in a ransomware attack on 14 September that was fixed six days later.
The company did not say how many patients were affected by the attack. It is unclear why the company waited two months to reveal it was attacked.
"The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access which occurred between August 12 and September 14, when the ransomware was executed," the company said in a statement.
In a ransomware attack, hackers will steal data before locking the victims out of their networks. The hackers then demand a payment of some kind before they will restore the systems. If the ransom is not paid, then the hackers will frequently threaten to publish the data they have stolen.
The company said the attack may have included private health data that could contain patient's medical histories, test results or medical records.
In response to the attack, the company said it has strengthened its firewall and has notified those whose data was at risk.
"We sincerely apologize that this incident occurred and remain committed to safeguarding the privacy and security of the information entrusted to us," the company said in a statement. "We have no evidence of actual misuse of any individual’s information as a result of this incident."
Mark Segal, the Chief Executive Officer of USF, said the company took the breach seriously and was "committed to protecting the security and confidentiality of health information we gather in providing services to individuals."
The company has locations in New York City, Florida, Georgia, Pennsylvania, Illinois, Alabama, Nevada, Missouri, California, North Carolina, Washington and Virginia.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments