Cyber Incident Victim: Fertility Centers of Illinois
Date:
Sep 2021
Location:
United States of America
Summary
Fertility Centers of Illinois experienced a cybersecurity breach involving unauthorized access to internal systems, compromising sensitive patient and limited employee information. Exposed data included personal identifiers, financial details, medical treatment records, insurance data, and prescription information. The organization detected suspicious activity, later confirming the breach's scope after an investigation, and offered affected individuals credit monitoring services. The incident aligns with broader healthcare sector vulnerabilities where administrative account compromises enable extensive data theft from systems outside electronic health records. A separate but contemporaneous breach at online pharmacy Ravkoo similarly exposed prescription and medical data through a cloud portal intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Fertility Centers of Illinois (FCI) detected suspicious activity within its internal systems on February 1, 2021, triggering an investigation that confirmed unauthorized access to patient data by August 2021. The breach exposed highly sensitive information belonging to current and former patients, including passport numbers, Social Security numbers, financial account details, payment card information, treatment records, physician names, medical billing or claims data, prescription details, and Medicare/Medicaid identifiers. Employee information was also compromised during the incident. FCI did not publicly disclose the exact number of affected individuals but acknowledged the breach involved extensive clinical and insurance-related patient data alongside administrative records. The organization delayed notifying victims until after completing its investigation, ultimately offering one year of complimentary credit monitoring and identity theft protection services. No explanation was provided for the six-month gap between confirming the breach and issuing notifications.
The incident occurred amid a series of cybersecurity breaches targeting fertility clinics in 2021, including ReproSource (owned by Quest Diagnostics) and Reproductive Biology Associates with its affiliate My Egg Bank North America. Cybersecurity experts noted medical organizations frequently store sensitive patient information outside formal electronic health record systems, a practice that potentially contributed to the FCI breach's scope. Attackers reportedly compromised administrative or high-privilege accounts during the intrusion, enabling broad access to diverse data repositories as single points of failure. While FCI did not disclose specific attacker methodologies or containment measures, the breach shared temporal proximity with a separate September 27, 2021, ransomware attack against online pharmacy Ravkoo that exposed prescription data for 105,000 individuals. Both healthcare entities reported their incidents to state authorities and federal agencies including the FBI, with Ravkoo engaging a cybersecurity firm for forensic analysis before notifying victims on January 3, 2022.