Posted On September 30, 2022 Consumer Privacy & Data Breaches
On September 28, 2022, Northern California Fertility Medical Center (“NCFMC”) filed notice of a data breach with various state attorney general offices after the company experienced what appears to have been a ransomware attack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and protected health information. After confirming that consumer data was leaked, NCFMC began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the NCFMC data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Northern California Fertility Medical Center.
The available information regarding the Northern California Fertility Medical Center breach comes from the company’s filing with the California Attorney General’s Office, as well as other state government entities. According to this source, Northern California Fertility Medical Center recently detected a network security incident after an unauthorized party was able to gain access to the company’s network. NCFMC also indicates that the unauthorized party attempted to encrypt some of the files on its network.
In response, the company terminated the unauthorized access, reported the incident to law enforcement, and enlisted the assistance of third-party cybersecurity specialists to help with the company’s investigation.
The Northern California Fertility Medical Center investigation revealed that the unauthorized party was able to access certain files on its network and that some of these files contained sensitive patient information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Northern California Fertility Medical Center began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your full name and status regarding any ultrasound performed at NCFMC as well as any cryopreserved tissue stored at NCFMC.
On September 23, 2022, Northern California Fertility Medical Center sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Established in 1992, the Northern California Fertility Medical Center is a healthcare provider and fertility clinic based in Sacramento, California. The company provides patients with a range of fertility services, such as laparoscopic laser surgery, microsurgery, ovulation induction, artificial insemination, in vitro fertilization, and IVF with egg donation and egg freezing. In 2021, Northern California Fertility Medical Center became an affiliate of the University of California — Davis Health. Northern California Fertility Medical Center employs more than 40 people and generates approximately $10 million in annual revenue.
In its data breach letter, Northern California Fertility Medical Center explains that “an unauthorized third-party infiltrated our network and attempted to encrypt some of our data.” While the letter doesn’t elaborate beyond this, it is very likely that the group of hackers was trying to obtain, and may have successfully obtained, patient data with the intent of using it as collateral to secure the payment of a ransom. Although the company hasn’t confirmed this, the description of the attack is entirely consistent with a ransomware attack. The key is the company’s use of the term “encrypt.”
Encryption is a process that encodes files, making them inaccessible to anyone without the encryption key (which is usually a password). Individuals and companies encrypt files every day to protect sensitive data from unauthorized access. However, cybercriminals also use encryption when carrying out certain types of cyberattacks, most notably ransomware attacks.
A ransomware attack occurs when a hacker installs malware that encrypts the files on an organization’s computer. When an employee of the target organization logs back on to their computer, they receive a message explaining that if they want to regain access to their computer, they must first pay a ransom. If the company pays the ransom, the hackers decrypt the files. Generally, hackers keep their word to decrypt files after a company pays a ransom because, if they didn’t, companies would have no incentive to pay a ransom. However, if a company refuses to pay the ransom, hackers may resort to more sinister tactics, such as posting stolen data on the dark web.
Not surprisingly, the FBI advises against paying ransoms following a ransomware attack for the same reason the government doesn’t negotiate with terrorists – it emboldens the attackers. However, this puts target organizations in a difficult position because many would prefer to quietly pay a ransom to avoid news of the breach becoming public.
Of course, companies can—and should—take preventative steps to avoid becoming the target of a ransomware attack. For example, training employees about the risks of phishing emails and developing state-of-the-art data security systems are two relatively easy things companies can do to prevent these attacks. Unfortunately, despite the widespread knowledge of the risks of ransomware attacks, many companies fail to devote adequate resources to the prevention of ransomware attacks.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the NCFMC data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Northern California Fertility Medical Center (the actual notice sent to consumers can be found here):
Dear [Redacted],
We are writing in order to inform you of a recent data security incident that may have resulted in unauthorized access to your personal information. At this time, we are unaware of any fraudulent misuse of your information. However, we take the privacy of your personal information seriously, and want to provide you with information and resources you can use to protect your information. This letter contains information about the incident and information about how to protect your personal information going forward.
What Happened and What Information was Involved:
Recently, Northern California Fertility Medical Center (“NCFMC”) detected and stopped a network security incident. An unauthorized third-party infiltrated our network and attempted to encrypt some of our data. We immediately shut off all access to the network and engaged specialized third-party forensic and technical resources to respond to the incident. NCFMC has secured and remediated its network and the data that we maintain.
Once our environment was secure, we immediately initiated a comprehensive investigation into the cause and extent of the unauthorized activity. Although we have found no evidence that your information has been misused as a result of the incident, an investigation revealed that the following categories of your information may have been exposed to the unauthorized party during the compromise: name and status regarding an ultrasound performed at NCFMC and/or cryopreserved tissue stored at NCFMC. We have found no evidence that your medical records were compromised. NCFMC does NOT store social security numbers and does NOT store credit card information on our servers.
As of this writing, NCFMC has not received any reports of related identity theft since the date of the incident.
What We Are Doing:
Data privacy is among NCFMC’s highest priorities, and we are committed to doing everything we can to protect the privacy and security of the personal information in our care. Upon detecting this incident, we moved quickly to initiate our incident response, which included fully securing and remediating our network and the data that we maintain. We conducted an investigation with the assistance of third-party forensic specialists, and have reported this matter to law enforcement. We have reviewed and altered our tools, policies, and procedures relating to the security of our systems and servers.
What You Can Do:
We encourage you to contact Cyberscout representatives with any questions you may have at 1-800-405-9108. Cyberscout representatives are available Monday through Friday excluding holidays, 8:00 am to 8:00 pm Eastern Time.
Again, at this time, there is no evidence that your information has been misused. Cyberscout representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.
Enclosed you will find additional information regarding the resources available to you, and the steps that you can take to further protect your personal information.
For More Information:
We recognize you may have questions not addressed in this letter. If you have additional questions, please contact Cyberscout at 1-800-405-6108. NCFMC values the privacy and importance of your personal data, and we apologize for any inconvenience or concern that this incident has caused.