A Chicago-based Fertility Centers of Illinois (FCI) has suffered a data breach, impacting 79,943 current and former patients. According to a breach notification by FCI, the incident did not compromise its electronic medical records system, however, an unauthorized third party secured access to some of the patients’ protected health information (PHI) and private files belonging to FCI employees.
FCI detected the breach on its internal systems on Feb 01, 2021, and took instant action to secure its systems. Independent forensic specialists were then hired to determine the nature and scope of the security breach. Fertility Centers of Illinois reported the data breach to the Department of Health and Human Services’ Office for Civil Rights (OCR), affecting nearly 80,000 current and former patients.
Although the exact modus operandi of the attack remains unknown, the compromised files contained a range of patient data, including names in combination with one or more of the following types of details:
Social Security numbers, passport numbers, financial account information, payment card information, diagnoses, treatment information, medical record numbers, billing/claims information, prescription information, Medicare/Medicaid identification information, health insurance group numbers, health insurance subscriber numbers, patient account numbers, encounter numbers, referring physicians, usernames and passwords with PINs, or account login information.
Staff data most likely compromised in the cyber-attack included names, employer-assigned identification numbers, ill-health/retirement information, occupational health-related information, medical benefits and entitlements information, patkeys/reason for absence, and sickness certificates.
To mitigate further risks, FCI has enhanced its cybersecurity system, including executing business-class identity verification software and providing extra training to its employees on cybersecurity practices.
"Additional security measures have been taken since the incident to further secure access to data, individual accounts, and equipment, including the implementation of enterprise identity verification software," FCI says. The organization is also offering affected individuals complimentary credit monitoring and identity theft protection services for 12 months through Equifax.
In recent years, the healthcare industry has been the sweet spot for threat actors as the benefits are huge. Last week, Florida’s Broward Health System confirmed the data breach of 1,357,879 patients. In November 2021, a fertility clinic in the United Kingdom also became the victim of attackers when ransomware was employed to target a medical record scanning firm used by Lister Fertility Clinic.
