Reproductive Biology Associates says the data of approximately 38,000 people may have been exposed in an April ransomware attack.
In a letter from the Georgia-based fertility clinic, together with its affiliate My Egg Bank North America, attorney Matthew Maruca said the organization first became aware of a potential incident on April 16 when it discovered that a file server containing embryology data was encrypted and inaccessible.
"We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor's access, within the same business day," he wrote in the letter. "Based on our investigation, we believe the actor first gained access to our system on April 7, 2021 and subsequently to a server containing protected health information on April 10, 2021."
Clinic officials say names, addresses, Social Security numbers, laboratory results, and other sensitive information may have been compromised in the attack.
The letter also states "access to the encrypted files was regained, and we obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession." The letter does not confirm if this happened because the ransom was paid.
The letter with details on the incident can be found here.