A Twin Cities fertility clinic is dealing with a cyber-attack on its computer system that may have affected more than 3,000 patients.
CCRM Minneapolis says it was the victim of a ransomware attack, meaning someone was holding their patients’ information and asking for money to get it back.
It is an all-inclusive fertility clinic with a surgery center and an invitro-fertilization laboratory. CCRM’s website also describes it as a business that just had a data security incident.
In a statement, the clinic said, “Although at this time there is no evidence that patients’ information was actually accessed or viewed, or any indication of actual misuse of anyone’s information, we have taken steps to notify any patients who may have been affected by this incident.”
“It’s a very personal breach by the nature of the services offered by the fertility clinic,” Cyber Security Expert Mark Lanterman said.
We asked Lanterman to review CCRM’s description of its attack. The clinic says on Oct. 3, they discovered an outsider may have gained access to patients’ names and addresses as well as dates of birth, social security numbers, driver’s license numbers and medical records.
But Lanterman says it doesn’t appear a data breach actually occurred. A ransomware attack means someone has locked you out of your information. It doesn’t mean the criminal has actually viewed what’s there.
“It’s not that these criminals are stealing medical records, it’s that they are encrypting them, making them unusable to the organization so that the organization pays them to regain access to the data,” Lanterman said.
CCRM mailed out letters to patients, notifiying them of the security incident. There’s also a number for patients to call to learn more about what happened.
Lanterman says if you are ever worried you are at risk of identity theft, you can lock your credit report.