Reproductive Biology Associates and MyEggBank hit by ransomware

Fertility clinic discloses data breach after a ransomware attack: personal information accessed

Fertility clinic attacked by ransomwareReproductive Biology Associates and MyEggBank hit by ransomware, suffer data leakage

Reproductive Biology Associates, LLC (RBA) has recently released a notice of data breach,[1] stating that their servers and the ones of their affiliate, My Egg Bank North America, LLC (MBA), were affected by ransomware[2] attack. As a result, cybercriminals managed to obtain the sensitive information of approximately 38,000 patients.[3]

The Georgia-based fertility clinic first spotted the possible cyber infection on April 16, 2021, as one of its servers containing embryology data was inaccessible, and files on it were encrypted. However, in the released statement, the company suggests that the initial breach may have occurred on April 7.

When an initial breach is accomplished, ransomware can look for other devices to spread and send various stored information back to criminal remote servers. When enough data is collected, or the malware reaches main servers, the encryption takes place, and the ransom demands are presented.

This method, called double extortion,[4] became really popular, as the stolen data is then held as leverage until the ransomware attack victims pay the demanded amount, usually in cryptocurrency Bitcoins. If victims don't succumb to the assailants' demands, the stolen data is leaked on the internet or auctioned off to the highest bidder in underground hacker forums.

Attackers claim that the stolen information is deleted and won't be misused

In the abovementioned notice of data breach, the RBA has stated that cybercriminals behind the ransomware attack have managed to obtain the following information from the company's patients:

  • Full names,
  • Home Addresses,
  • Social Security Numbers,
  • Laboratory results,
  • and Information relating to the handling of human tissue.

This stolen information might not seem like much, but cybercriminals could misuse it in a myriad of ways. They could steal identities, open new bank accounts, and so on. Although RBA didn't say whether they've paid the ransom or not but stated that:

Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession.

It is unlikely that threat actors became benevolent out of nowhere and provided decryption software, that's their bread and butter, for their victims for free. Criminals are criminals for a reason, and they cannot be trusted. Therefore, affected patients from RBA have to take action to protect their privacy and overall well-being in terms of cybersecurity.

Personal details have many uses: tips for the ones exposed

This section of the article is not only for RBA-affected patients but for everyone. Cybercriminals are always on the lookout for personal details (full name, address, phone number, SSN, credit card info, etc.). They can either sell it in underground forums or use it themselves.

If you have a hunch that your personal information might be compromised (or someone informs you that it is), you have to take action immediately. The main preventive action you need to make is either put a temporary freeze on your credit reports or at least monitor it daily.

That will disable the threat actors from taking out loans, opening new credit lines, or misusing your details for similar cybercrimes. Reproductive Biology Associates recognizes the possibility of a data leak and offers all affected patients free monitoring services.[5]

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions