Reproductive Biology Associates and its affiliate My Egg bank North America issued a breach notification involving a ransomware incident that impacted the Atlanta entities. According to the notification submitted to Maine’s Attorney General’s office and similar statements posted on their web sites, the entities first became aware of a potentiality data incident on April 16, 2021 when they discovered that a file server containing embryology data was encrypted and therefore inaccessible. They report that they quickly determined that this was a ransomware assail and they shut down the affected server, thus terminating the actors access, within the same business day. Based on their investigation, they believe the threat histrion gained access to the system on april 7 and gained access to the server with ePHI on april 10. On June 7, they determined which individuals had been impacted. The entities do not forthrightly nation that they then paid the threat actor’s ransom demand, but that seems to live a justifiable inference presumption that their next statement was that access to the encrypted files was regained and We obtained confirmation from the doer that all exposed data was deleted and is no longer in its possession. While it is not totally impossible that terror actors might voluntarily just delete data, it is highly unlikely and much more likely that these entities paid ransom. Despite having paid ransom, the entities took other measures to protect patient data: they conducted web searches to see if the data showed up anywhere and tone that they are continuing to monitor for that. They do not point whether they searched dark web forums as well, but that would be a reasonable approach to include. They have also offered affected individuals credit monitoring services. For those patients whose data had been accessed or exfiltrated, the data types included name, address, social certificate Number, laboratory results, date of birth, and information relating to the handling of human tissue. in response to the breach, the entities have taken other steps. They write: As a outcome of this incident, we have initiated an investigation through a leading professional IT services firm to direct interviews and analyze forensic data related to the incident. Specifically, we experience deployed device tracking and monitoring to aid take and investigate the range of the incident, as well as performed forensic analyses to translate the scope of the incident. We have also applied additional internal controls and have provided additional cybersecurity training to our staff to preclude this type of incident from occurring in the future. These controls include working with a cybersecurity service provider to remediate actions taken by the actor and reinstate our systems, updating, patching, and in some cases replacing infrastructure to the latest versions, deploying password resets to appropriate users, rebuilding impacted systems, and deploying advanced antivirus and malware protection. According to their notification to Maine, 38,538 patients were being notified this week.