Connect with us

Hi, what are you looking for?

Tech & Science

Leading fertility clinic falls victim of ransomware attack

This breach is an intensely personal reminder of the complex cybersecurity risks which exist in all IT security systems.

Latin America passes 1 million Covid deaths as IMF proposes $50 bn plan
A nurse prepares a dose of the Pfizer vaccine on Taboga Island in Panama on May 21, 2021 - Copyright AFP NISHA BHANDARI
A nurse prepares a dose of the Pfizer vaccine on Taboga Island in Panama on May 21, 2021 - Copyright AFP NISHA BHANDARI

The latest ransomware attack has struck My Egg Bank, a Georgia-based fertility clinic. The company is part of Reproductive Biology Associates, who commented: “We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actor’s access, within the same business day. Based on our investigation, we believe the actor first gained access to our system on April 7, 2021 and subsequently to a server containing protected health information on April 10, 2021.”

The company reports that the attackers were able to make off with reams of personal information, including full names, addresses, Social Security numbers, laboratory results and, concerningly, information relating to the handling of human tissue.

Looking into the issue for Digital Journal is Casey Ellis, CTO and founder. Ellis provides input on why these attacks are becoming more prolific and best practices to prevent against them.

Ellis looks at the specific data breach and the sensitive and personal nature of the impacted business: “This breach is an intensely personal reminder of the complex cybersecurity risks which exist in all IT security systems.”

Despite the best security, Ellis notes: “Vulnerabilities exist in every platform, and in spite of the best efforts of companies holding data as sensitive as My Egg Bank exposures can and do happen. “

The challenge is big, but there are options for better data security Ellis finds: “The notion of securing data as personal as what has been compromised here against the variety of possible threat actors can seem like an insurmountable task, but that’s where the crowd of hackers acting in good faith comes into level the playing field.”

As an example, Ellis draws on a collaborative approach: “A crowdsourced cybersecurity approach enables healthcare professionals to assess and mitigate the risks associated with disparate data sources and infrastructure so that patients do not have to worry about the privacy of their data.”

This is especially so for the sector affected, says Ellis: “ It’s imperative health organizations up-level their current cybersecurity measures with external security researchers via a bug bounty or vulnerability disclosure program (VDP) to help identify and disclose vulnerabilities before adversaries can exploit them.”

The outcome can lead to better security, Ellis finds: “By doing so, organizations can learn of security issues before the adversary does, protect their users, and avoid a devastating breach. Failing to ensure security at the scale needed will grant attackers access to large quantities of patient data, as well as the ability to inject ransomware into insecure healthcare networks.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

There is no stated power in the US Constitution to regulate human reproduction.

Life

A small dog looking at a christmas tree which has colored lights. Source - Trogain, CC SA 4.0.If you are having trouble finding a...

Tech & Science

The hunt for answers - like whether the Omicron variant will trigger new waves of infection.

Life

The new Omicron coronavirus variant has a high number of mutations which the WHO believes may make it more transmissible or resistant to vaccines...