fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fertility Clinic Discloses Data Breach Exposing Patient Info

Fertility Clinic Discloses Data Breach Exposing Patient Info

A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack.

Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and stores them for later use by recipients, including those using the MyEggBank service.

MyEggBank works with multiple fertility centers around the USA, including RBA, to recruit egg donors and create an egg bank where potential recipients can search for a matching egg donor.

Ransomware gang accessed embryology data

In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when “a file server containing embryology data was encrypted and therefore inaccessible.”

However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th.

When ransomware attacks occur, threat actors usually breach a particular system on the network and spend a few days to a week quietly spreading throughout the network while stealing files and deleting backups.

Also Read: How to Choose a Penetration Testing Vendor

While RBA does not explicitly state that they paid a ransom, the data breach notification indicates that they had done so to get a decryptor and prevent the release of stolen data.

“In the course of our ongoing investigation of the incident, on June 7, 2021 we determined the individuals whose personal information was affected,” says the RBA data breach notification.

“Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession. “

Reproductive Biology Associates’ investigation has determined that the data stolen during the ransomware attack contained the following information for approximately 38,000 patients:

  • Full Name
  • Address
  • Social Security Number
  • Laboratory Results
  • Information relating to the handling of human tissue

As part of their ongoing investigation, RBA has hired an IT services firm to help determine how the attack was conducted, what data was accessed, and to secure their network and devices.

RBA is also offering affected patients free identity theft monitoring services and is advising affected patients to monitor their credit reports.

What should affected patients do?

While ransomware gangs promise to delete data they steal during an attack if a ransom is paid, there is no way to know if they keep their promise.

Some evidence shows that ransomware gangs do not delete stolen data and may use it against victims again in the future.

Also Read: This Educator Aims to Make Good Cyber Hygiene a Household Practice

Due to this, all affected patients should be on the lookout for strange emails or SMS texts regarding the fertility clinic, egg donor information, or other related information.

Patients should also monitor their credit report for fraudulent activity due to the exposure of their social security number.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us