Reproductive Biology Associates, LLC (RBA) and its affiliate, MyEggBank, notified approximately 38,000 patients that a data breach involving a ransomware attack had exposed the patients’ full names, addresses, Social Security numbers, laboratory results, and information relating to the handling of human tissue.
RBA stated in the notification that the intrusion by the ransomware group occurred on April 7, 2021 and, three days later, to a server where health information. According to RBA, “Access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession.”
Patients were offered identity theft monitoring and RBA urged patients to monitor their credit report. Unfortunately, credit monitoring will not help patients in the event that the data were not deleted by the criminals, or were sold to other criminals who can use the highly sensitive fertility information in other ways.