350,000 ReproSource Fertility Diagnostics Patients Impacted by Ransomware Attack

ReproSource Fertility Diagnostics based in Malborough, MA has encountered a ransomware attack that allowed hackers to get access to networks holding the protected health information (PHI) of roughly 350,000 patients.

ReproSource is a top reproductive health lab owned by Quest Diagnostics. The company learned about the ransomware attack on August 10, 2021 and immediately cut network links to control the attack. The security breach investigation confirmed that the attack happened on August 8.

Although it is probable that the attackers exfiltrated patient information before deploying the ransomware, at this point, there is no proof found that there was data theft.

An analysis of the data files stored on the breached systems was finished on September 24 and showed they included these types of PHI:

Names, telephone numbers, addresses, email addresses, birth dates, billing, and medical information (CPT codes, test requisitions and results, diagnosis codes, test reports and/or medical background details), medical insurance or group plan ID names and numbers, and other data given by patients or by treating doctors. The passport number, driver’s license number, Social Security number, credit card number, or financial account number of a small number of people might have been exposed.

Quest Diagnostics already sent the notification letters to impacted people. Free credit monitoring and protection services are given to impacted persons, who will likewise be covered by an identity theft insurance policy worth $1,000,000.

ReproSource stated more safety measures, such as extra monitoring and detection solutions, were put in place to secure against ransomware attacks and other cyber attacks.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA