fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Hits Largest US Fertility Network, Patient Data Stolen

Ransomware Hits Largest US Fertility Network, Patient Data Stolen

US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020.

The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics and more than 80 physicians.

In total, more than 130,000 babies have been born with the help of partner IVF/fertility practices in the USF network, including but not limited to Shady Grove Fertility, Reproductive Science Center San Francisco, IVF Florida, and Fertility Center of Illinois.

Systems down for over a week

“On September 14, 2020, USF experienced an IT security event [..] that involved the inaccessibility of certain computer systems on our network as a result of a malware infection,” USF said in an official statement.

“Through our immediate investigation and response, we determined that data on a number of servers and workstations connected to our domain had been encrypted by ransomware.”

Third-party forensic experts were retained by USF immediately after detecting the attack to help investigate the security incident.

USF took down the impacted servers and workstations after discovering the attack. USF was able to restore them with the help of third-party computer forensic specialists and reconnect them to the network on September 20.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

The fertility network also informed federal law enforcement authorities about the ransomware attack and continues to work with them throughout the incident investigation.

Protected health information stolen in the attack

“The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access, which occurred between August 12, 2020, and September 14, 2020, when the ransomware was executed,” USF’s breach notification details.

Following a review of all files accessed during the attack that concluded on November 13, USF determined that the files exfiltrated by the unknown ransomware group contained various types of information for each impacted individual including names, addresses, dates of birth, MPI numbers, and Social Security numbers.

“The types of information impacted vary by individual, and we determined that for many individuals, Social Security numbers were not impacted,” USF added.

“Please also note that we have no evidence of actual misuse of any individual’s information as a result of the Incident.”

USF has established a dedicated call center reachable via a toll-free assistance line at 855-914-4699, Monday through Friday from 9:00 am to 9:00 pm EST.

Last month, the U.S. government warned of ongoing Ryuk ransomware attacks against healthcare industry organizations including both hospitals and healthcare providers.

BleepingComputer has reached out to a US Fertility spokesperson for more details but had not heard back at the time of this publication.

Also Read: Letter of Consent MOM: Getting the Details Right

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us