Cyber Incident Victim: ReproSource Fertility Diagnostics
Date:
Aug 2021
Location:
United States of America
Summary
A ransomware attack compromised a fertility clinic owned by Quest, exposing sensitive data of approximately 350,000 patients. The breach involved unauthorized network access, leading to the theft of personal information including names, contact details, dates of birth, billing data, and extensive medical records such as diagnosis codes, test results, and insurance information. Some individuals also had driver’s licenses, passport numbers, Social Security numbers, and financial account details exposed. The clinic contained the incident within hours, initiated an investigation with cybersecurity experts, notified law enforcement, and later provided affected patients with complimentary credit and identity monitoring services. This incident underscores healthcare sector vulnerabilities to ransomware due to the high sensitivity and value of patient data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 8, 2021, an unauthorized party accessed the network of ReproSource, a fertility clinic owned by Quest Diagnostics. The intrusion was discovered on the morning of August 10 when ransomware was detected on the company's systems. Within an hour of identifying the ransomware, ReproSource severed all network connections to contain the incident. The company immediately initiated a comprehensive investigation to determine the cause and scope of the breach, engaging leading cybersecurity experts to assist with forensic analysis. ReproSource confirmed the containment of the ransomware and securely restored operations while promptly notifying law enforcement authorities about the attack. Quest Diagnostics clarified that while ReproSource was affected, the parent company's systems remained uncompromised by this incident.
The data breach exposed protected health information and personally identifiable information belonging to approximately 350,000 patients. Compromised data included names, addresses, phone numbers, email addresses, dates of birth, and billing information. Medical records such as CPT codes, diagnosis codes, test requisitions, results, reports, and medical history were also accessed. Health insurance identification details and information provided by patients or physicians were similarly exposed. For an undisclosed subset of individuals, the breach additionally leaked driver's license numbers, passport numbers, Social Security numbers, financial account numbers, and credit card numbers. ReproSource began notifying affected patients through breach letters starting September 24, 2021, and offered complimentary credit monitoring and identity protection services through Kroll, though the duration of these services was not specified. This incident marked the second major ransomware attack against a fertility clinic in 2021, following an April breach at Georgia-based Reproductive Biology Associates that impacted 38,000 patients. Healthcare organizations globally continue to face disproportionate targeting by ransomware groups due to the high sensitivity of medical data and the critical nature of healthcare operations.