Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security IT

US Fertility Says Patient Data Was Stolen in a Ransomware Attack (techcrunch.com) 15

U.S. Fertility, one of the largest networks of fertility clinics in the United States, has confirmed it was hit by a ransomware attack and that data was taken. From a report: The company was formed in May as a partnership between Shady Grove Fertility, a fertility clinic with dozens of locations across the U.S. east coast, and Amulet Capital Partners, a private equity firm that invests largely in the healthcare space. As a joint venture, U.S. Fertility now claims 55 locations across the U.S., including California. In a statement, U.S. Fertility said that the hackers "acquired a limited number of files" during the month that they were in its systems, until the ransomware was triggered on September 14. That's a common technique of data-stealing ransomware, which steals data before encrypting the victim's network for ransom. Some ransomware groups publish the stolen files on their websites if their ransom demand isn't paid. U.S. Fertility said some personal information, like names and addresses, were taken in the attack. Some patients also had their Social Security numbers taken. But the company warned that the attack may have involved protected health information.
This discussion has been archived. No new comments can be posted.

US Fertility Says Patient Data Was Stolen in a Ransomware Attack

Comments Filter:
  • by RitchCraft ( 6454710 ) on Thursday November 26, 2020 @11:33AM (#60768116)
    that the storage of personal data connected to the web needs to be halted until a reliable means of security can be created. Every single day there are multiple reports of either criminal attacks or mishandling of data that causes the breach of confidential information. What is truly alarming is the lack of punishment companies face for these breaches. This is why they continue to act in this reckless manner.
    • Agreed. It's one thing to say "criminals stole data", but that shouldn't relieve a company of liability if they left their door unlocked.

      • by dknj ( 441802 )

        I could leave my business door unlocked and my insurance company would refund me for everything that was lost minus deductable. The next time I get my insurance quote it will be higher because i am a liability. Business liability insurance is no different. It was dirt cheap for them and they let their security wane. Now their next insurance quote will be much much higher and they will need to adapt to that. So what do we want, a slap on the wrist which they currently get (government fines + increased i

    • The internet is way, way too valuable. The amount of time and money that would need to be spent doing what you're suggesting is in the tens if not hundreds of billions.

      Also, realistically, none of this matters. Aside from the Ashley Madison breach none of these have had all that much impact. It means you have to watch your credit card statement, that's about it.

      I never understand why people worry so much about their privacy and then ignore stuff like this [slashdot.org] or the fact that a handful of corporations a
    • by gweihir ( 88907 )

      Actually, security can be done there just as well as in the traditional space. The problem is that people do not pay attention to it, do not get qualified (expensive) experts, do not run external pen-tests and security audits, and, and that is the killer, nothing happens to the C-level screw-ups that are responsible. Unless and until personal responsibility and criminal liability for the CEO that fucked this up is established, nothing will chance.

      I am not saying a CEO should go to prison and lose his person

  • Who's going to jail for this?
    • by gweihir ( 88907 )

      Exactly. The CEO is a definite one, for others it depends. But at least the CISO should get a close, hard look as well, and the CIO may also be on the hook. Anybody below that level may have screwed up, bit that is because they were not qualified for their position and that is not their fault and not their responsibility to assure. Also, there is a real question whether the board did take its supervisory role seriously or whether they screwed up as well.

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...