Data security at U.S. Fertility, the largest network of fertility clinics in the United States, with 55 clinics in 10 states, was attacked by cybercriminals in August and September. First, some files containing names, addresses, dates of birth and, in some cases, a Social Security number were copied. Then, the hacker engaged in a ransomware attack.
This is an attack in which hackers lock users out and then demand payment to allow restoration of the system. If the ransom is not paid, hackers often threaten to publish the stolen data.
U.S. Fertility said the attack may have included private health data that could contain patient's medical histories, test results or medical records.
There is no evidence that any of the information was misused.
As a result of the incident the company has fortified its firewall, is monitoring its computer network for suspicious activity and is adapting employee security training on data security and recognizing phishing emails.
US Fertility was formed in May as a partnership between Shady Grove Fertility, which has dozens of locations across the East Coast of the US and Amulet Capital Partners, a private equity firm that invests in the healthcare space.
Data security is a not just a commercial problem for IVF clinics. The American government regards it as a national security issue. A CNBC report in October revealed that a Chinese company had been blocked from buying an IVF clinic in San Diego at some stage during the Trump Administration.
CNBC asked John Demers, a security expert in the Department of Justice, to explain why the government had bothered with IVF clinics.
“Your genetic material, your biological material, is among the most intimate information about you, who you are, what your vulnerabilities may be, what your illnesses have been in the past, what your family medical history is,” he responded. “The Chinese approach is to gather it now, and then figure out what to do with it later.”
This leads to two important worries. First, China could use fertility clinic data to accumulate a database of biological information about Americans.
“That can be used from a counterintelligence perspective to either coerce you or convince you to help the Chinese,” Demers said. “I’d be worried that the Chinese were going to get sensitive personal information about individual Americans, whether it’s their financial information, their health-care information, their genetic information, all of which they could use, from an intelligence perspective, to target that person.”
Second, the information could be weaponised. “I’m not saying that we’ve seen this, but the worst case would be the development of some kind of biological weapon,” Demers said. “If you had all of the data of a population, you might be able to see what the population is most vulnerable to,” he said, “and then develop something that’s taking advantage of that vulnerability.”
Michael Cook is editor of BioEdge
This article is published by
and BioEdge under a Creative Commons licence. You may republish it or translate it free of charge with attribution for non-commercial purposes following these guidelines
. If you teach at a university we ask that your department make a donation. Commercial media must contact us
for permission and fees. Some articles on this site are published under different terms.