Cyber Incident Victim: Colorado Center for Reproductive Medicine Minneapolis

On October 3, 2017, CCRM Minneapolis discovered a ransomware attack targeting its servers, which triggered an immediate investigation into potential data exposure. The unauthorized third party behind the attack demanded a ransom payment, though the specific amount was not disclosed. Forensic analysis confirmed that the attacker may have breached the clinic's computer security systems and potentially accessed patient information stored on the compromised servers. The investigation revealed no evidence confirming actual access or viewing of patient data, nor any indication of subsequent misuse of the information. However, the clinic determined that exposed data could have included names, addresses, phone numbers, dates of birth, email addresses, Social Security numbers, driver's license details, insurance identification numbers, and medical records. The incident specifically impacted information stored on the affected servers at the time of the ransomware attack. CCRM Minneapolis did not publicly disclose whether the ransom was paid or the specific technical vulnerabilities exploited in the attack.

CCRM Minneapolis initiated notification procedures on December 1, 2017, mailing letters to potentially affected patients nearly two months after detecting the breach. The notifications described the nature of the incident and offered a toll-free call center (1-800-939-4170) operational Monday through Friday from 6:00 AM to 5:00 PM Pacific Time for additional inquiries. While maintaining there was no evidence of actual data access or misuse, the clinic implemented undisclosed security improvements to prevent future incidents. The public notice emphasized CCRM Minneapolis's regret over the situation and reiterated their commitment to protecting patient information, characterizing privacy and data security as organizational priorities. No regulatory fines, legal actions, or specific operational disruptions were reported in connection with the breach.