Nationwide fertility clinic says hackers may have stolen sensitive information on patients

The latest headlines from our reporters across the US sent straight to your inbox each weekday

Your briefing on the latest headlines from across the US

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

US Fertility, which has 55 clinics across the country, reported that it was victim of a ransomware attack and that the names, addresses and in some cases the private health information and Social Security numbers of patients may have been stolen.

The company issued a statement saying hackers "acquired a limited number of files" in a ransomware attack on 14 September that was fixed six days later.

The company did not say how many patients were affected by the attack. It is unclear why the company waited two months to reveal it was attacked.

"The forensic investigation is now concluded and confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access which occurred between August 12 and September 14, when the ransomware was executed," the company said in a statement.

In a ransomware attack, hackers will steal data before locking the victims out of their networks. The hackers then demand a payment of some kind before they will restore the systems. If the ransom is not paid, then the hackers will frequently threaten to publish the data they have stolen.

The company said the attack may have included private health data that could contain patient's medical histories, test results or medical records.

In response to the attack, the company said it has strengthened its firewall and has notified those whose data was at risk.

"We sincerely apologize that this incident occurred and remain committed to safeguarding the privacy and security of the information entrusted to us," the company said in a statement. "We have no evidence of actual misuse of any individual’s information as a result of this incident."

Mark Segal, the Chief Executive Officer of USF, said the company took the breach seriously and was "committed to protecting the security and confidentiality of health information we gather in providing services to individuals."

The company has locations in New York City, Florida, Georgia, Pennsylvania, Illinois, Alabama, Nevada, Missouri, California, North Carolina, Washington and Virginia.