Reproductive biology Associates and its affiliate My Egg cant northward America issued a breach notification involving a ransomware incident that impacted the Atlanta entities. According to the notification submitted to Maine’s attorney General’s Office and similar statements posted on their web sites, the entities first became aware of a potential data incident on April 16, 2021 when they discovered that a file server containing embryology data was encrypted and therefore inaccessible. They account that they quickly determined that this was a ransomware onslaught and they shut down the affected server, thus terminating the actors access, within the same concern day. Based on their investigation, they believe the threat worker gained access to the system on April 7 and gained access to the server with ePHI on april 10. On June 7, they determined which individuals had been impacted. The entities make not forthrightly land that they then paid the threat actor’s ransom demand, but that seems to live a justifiable inference presumption that their next statement was that access to the encrypted files was regained and We obtained confirmation from the actor that all exposed data was deleted and is no longer in its possession. piece it is not totally impossible that terror actors mightiness voluntarily just delete data, it is highly unlikely and much more likely that these entities paid ransom. Despite having paid ransom, the entities took other measures to protect patient data: they conducted web searches to ensure if the data showed up anywhere and mention that they are continuing to monitor for that. They do not indicate whether they searched dark web forums as well, but that would be a reasonable approach to include. They have also offered affected individuals credit monitoring services. For those patients whose data had been accessed or exfiltrated, the data types included name, address, Social Security Number, laboratory results, date of birth, and info relating to the handling of human tissue. In response to the breach, the entities make taken other steps. They write: As a result of this incident, we have initiated an investigation through a leading professional IT services firm to direct interviews and canvass forensic data related to the incident. Specifically, we make deployed device tracking and monitoring to help contain and investigate the scope of the incident, as well as performed forensic analyses to understand the scope of the incident. We have also applied additional internal controls and have provided additional cybersecurity training to our staff to forestall this type of incident from occurring in the future. These controls include working with a cybersecurity service provider to remediate actions taken by the actor and restore our systems, updating, patching, and in some cases replacing infrastructure to the latest versions, deploying password resets to appropriate users, rebuilding impacted systems, and deploying advanced antivirus and malware protection. According to their notification to Maine, 38,538 patients were being notified this week.