ReproSource Fertility Diagnostics based in Malborough, MA has encountered a ransomware attack that allowed hackers to get access to networks holding the protected health information (PHI) of roughly 350,000 patients.
ReproSource is a top reproductive health lab owned by Quest Diagnostics. The company learned about the ransomware attack on August 10, 2021 and immediately cut network links to control the attack. The security breach investigation confirmed that the attack happened on August 8.
Although it is probable that the attackers exfiltrated patient information before deploying the ransomware, at this point, there is no proof found that there was data theft.
An analysis of the data files stored on the breached systems was finished on September 24 and showed they included these types of PHI:
Names, telephone numbers, addresses, email addresses, birth dates, billing, and medical information (CPT codes, test requisitions and results, diagnosis codes, test reports and/or medical background details), medical insurance or group plan ID names and numbers, and other data given by patients or by treating doctors. The passport number, driver’s license number, Social Security number, credit card number, or financial account number of a small number of people might have been exposed.
Quest Diagnostics already sent the notification letters to impacted people. Free credit monitoring and protection services are given to impacted persons, who will likewise be covered by an identity theft insurance policy worth $1,000,000.
ReproSource stated more safety measures, such as extra monitoring and detection solutions, were put in place to secure against ransomware attacks and other cyber attacks.