Cyber Incident Victim: US Fertility
Date: Sep 2020
Location: United States of America
Summary
A ransomware attack compromised the largest US fertility network, leading to system encryption and data theft affecting patient information including names, addresses, dates of birth, medical identifiers, and limited Social Security numbers. Unauthorized access persisted for over a month before detection, prompting immediate system isolation, forensic investigation, and restoration efforts with third-party specialists. The organization notified federal law enforcement and established support services, confirming no evidence of data misuse while acknowledging potential exposure of sensitive personal details.
Description
US Fertility (USF), the largest network of fertility centers in the United States operating 55 locations across 10 states, experienced a ransomware attack that encrypted systems and compromised patient data. The incident began with unauthorized access to USF's network on August 12, 2020, which continued undetected until September 14, 2020, when the organization discovered active malware infection causing system inaccessibility. Forensic analysis determined that ransomware operators had encrypted data on multiple domain-connected servers and workstations. USF immediately engaged third-party computer forensic specialists to investigate the breach and disconnected all impacted systems from the network. Through coordinated remediation efforts, the organization successfully restored encrypted systems and returned them to operational status by September 20, 2020 – six days after initial detection. USF concurrently notified federal law enforcement agencies about the attack and maintained ongoing cooperation with authorities throughout the investigation process.

The forensic examination revealed that attackers exfiltrated files containing sensitive patient information during the two-month network access period. Compromised data included patient names, physical addresses, dates of birth, medical patient identifier (MPI) numbers, and Social Security numbers, though USF clarified that many individuals' Social Security numbers remained unaffected. While confirming data theft, the organization stated no evidence suggested misuse of the stolen information. USF established a dedicated toll-free assistance line (855-914-4699) operating Monday through Friday from 9:00 am to 9:00 pm EST to address patient concerns. The network's clinical operations spanned numerous partner practices responsible for approximately 25,000 IVF cycles in 2018 and over 130,000 births, including major facilities such as Shady Grove Fertility, Reproductive Science Center San Francisco, IVF Florida, and Fertility Center of Illinois. System restoration relied heavily on collaboration with third-party cybersecurity experts who assisted in forensic analysis and infrastructure recovery following the containment measures implemented on September 14.
