The latest ransomware attack has struck My Egg Bank, a Georgia-based fertility clinic. The company is part of Reproductive Biology Associates, who commented: “We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day. Based on our investigation, we believe the actor first gained access to our system on April 7, 2021 and subsequently to a server containing protected health information on April 10, 2021.”
The company reports that the attackers were able to make off with reams of personal information, including full names, addresses, Social Security numbers, laboratory results and, concerningly, information relating to the handling of human tissue.
Looking into the issue for Digital Journal is Casey Ellis, CTO and founder. Ellis provides input on why these attacks are becoming more prolific and on best practices to prevent them.
Ellis looks at the specific data breach and the sensitive and personal nature of the impacted business: “This breach is an intensely personal reminder of the complex cybersecurity risks which exist in all IT security systems.”
Despite the best security, Ellis notes: “Vulnerabilities exist in every platform, and in spite of the best efforts of companies holding data as sensitive as My Egg Bank, exposures can and do happen.”
The challenge is big, but there are options for better data security, Ellis finds: “The notion of securing data as personal as what has been compromised here against the variety of possible threat actors can seem like an insurmountable task, but that’s where the crowd of hackers acting in good faith comes in to level the playing field.”
As an example, Ellis draws on a collaborative approach: “A crowdsourced cybersecurity approach enables healthcare professionals to assess and mitigate the risks associated with disparate data sources and infrastructure so that patients do not have to worry about the privacy of their data.”
This is especially so for the sector affected, says Ellis: “It’s imperative health organizations up-level their current cybersecurity measures with external security researchers via a bug bounty or vulnerability disclosure program (VDP) to help identify and disclose vulnerabilities before adversaries can exploit them.”
The outcome can lead to better security, Ellis finds: “By doing so, organizations can learn of security issues before the adversary does, protect their users, and avoid a devastating breach. Failing to ensure security at the scale needed will grant attackers access to large quantities of patient data, as well as the ability to inject ransomware into insecure healthcare networks.”