Posted On May 18, 2023 Consumer Privacy & Data Breaches
May 18 – Fertility Specialists Medical Group confirmed on May 15, 2023, that an unauthorized third party had gained unlawful access to personal patient data kept on the company’s computer network, prompting the company to submit a notification of data breach with the Montana Attorney General. According to the company’s report, the event led to a third party acquiring access to the names, protected health information, dates of birth, and addresses of patients. Once it was determined that patient information had been compromised, FSMG immediately started notifying those who were affected by sending letters.
Data breach lawyers at Console & Associates, P.C. are presently investigating what happened at Fertility Specialists Medical Group. It is important to be cautious if you have received a letter from Fertility Specialists Medical Group since your personal information might have been stolen. Call us for a free consultation to discuss the data breach, how best to protect yourself, and whether or not you have legal recourse against Fertility Specialists Medical Group.
Fertility Specialists Medical Group is a healthcare provider with a specialization in fertility therapy and offers services such as IVF, mini-IVF, fertility testing and diagnosis, preimplantation genetic testing, ovulation induction, and IUI. FSMG has two locations: its headquarters in San Diego, California, and another in Carlsbad, California. More than 30 individuals are employed by Fertility Specialists Medical Group, and the company generates a yearly income of over $5 million.
FSMG reported to the Montana Attorney General on March 20, 2023 that it suspected an outside entity had acquired access to the company’s computer system. The business’s reaction was to tighten security throughout its network and bring in an outside data security firm to look into the matter.
The FSMG inquiry uncovered evidence that an outsider had hacked into the company’s servers. Furthermore, FSMG discovered that sensitive patient data was included in some of the files that the hackers could access.
After learning that private patient information had fallen into the wrong hands, Fertility Specialists Medical Group reviewed the compromised files to ascertain what data had been exposed and how many patients had been affected. Your name, protected health information, date of birth, and address may have been compromised; however, the specific information compromised may vary from person to person.
Data breach notices were sent out by Fertility Specialists Medical Group to all affected patients on May 15, 2023.
Patients’ protected health information was among the several categories of data exposed in the data breach at Fertility Specialists Medical Group. Protected health information (PHI) is any data collected by healthcare providers about an individual while they are getting treatment. Examples of protected health information include test and laboratory results, patient demographics, health insurance data, and details about a patient’s mental state.
Not all data pertaining to healthcare is deemed “protected;” only information that contains an identifier is designated PHI. This is due to the impossibility of linking a patient to stolen information in the absence of a unique identifier.
HIPAA, short for the Health Insurance Portability and Accountability Act of 1996, specifies a total of eighteen distinct identifiers, including your name, Social Security number, account number, and other identifying information like photographs and biometrics.
As previously mentioned, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, regulates the gathering and use of protected health information. The “privacy rule,” which “protects all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral,” is one of the most crucial provisions of HIPAA. Simply put, medical professionals are prohibited from disclosing any information that is covered by the Privacy Rule unless the patient has given permission, or the Privacy Rule otherwise permits it. And significantly, even an unintentional disclosure of patient data may still breach the privacy requirement.
The collection and use of PHI is governed under HIPAA. One of the most important parts of HIPAA is the “privacy rule,” which “protects all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral,” Unless the patient has granted consent or the Privacy Rule otherwise enables it, medical personnel are not allowed to disclose any information that is protected by the Privacy Rule. Even if the information was disclosed accidentally, it could still be considered a breach of the privacy rule.
Health records include sensitive information that should be protected from unauthorized access. Healthcare data breaches not only pose privacy concerns but also expose patients to financial and possibly physical danger.
If a hacker steals your PHI, they may sell it on the dark web to a criminal buyer looking to acquire free medical treatment. If a criminal gets their hands on your personal data, they may pretend to be you at the doctor’s office. In addition to leaving you on the hook for their medical expenses, having someone else get treatment in your name can lead to false and misleading information being recorded in your medical files, such as if the imposter gives the doctor your name and insurance information but gives the doctor their own medical history and list of medications.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Fertility Specialists Medical Group data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the notice posted on their website:
Carlsbad, CA – May 15, 2023 – Fertility Specialists Medical Group (“FSMG”) notified certain current and former patients that their personal information may have been accessed as part of cybersecurity incident. FSMG takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened On March 20, 2023, FSMG was the victim of a cyber security incident that involved an unauthorized party gaining access to our network environment. Upon discovering the incident, we immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Our investigation, which concluded on April 21, 2023, determined an unauthorized third party may have acquired certain individual personal and health information during this incident. FSMG is providing written notice to all impacted individuals. FSMG has no reason to believe that any individual’s information has been misused as a result of this event. As of this writing, FSMG has not received any reports of misuse of information and/or related identity theft since the date the incident was discovered (March 20, 2023 to present).
What Information Was Involved Again, we found no evidence that patient information has been specifically misused. However, the following information was potentially exposed to an unauthorized third party: first and last name, date of birth, social security number, and medical information. Notably, not every individual’s Social Security number was exposed.
What We Are Doing Security and privacy of patient data is among FSMG’s highest priorities. Upon detecting this incident we moved quickly to initiate a response, which included retaining third-party IT specialists to confirm the security of our network environment. We are constantly reviewing our technical safeguards to prevent a similar incident. We are committed to helping those people who may have been impacted by this unfortunate situation.
The notification letter to the potentially impacted individuals includes steps that they can take to protect their information. In order to address any concerns and mitigate any exposure or risk of harm following this incident, FSMG has arranged for complimentary credit monitoring services and identity theft protection services to all potentially impacted individuals at no cost to them for a period of twelve months. FSMG recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.
For More Information For individuals seeking more information or questions about this incident, please call FSMG’s dedicated toll-free helpline at 1-833-570-3088 on Monday through Friday between 8:00 am to 8:00 pm PDT, excluding holidays. In addition, individuals may visit FSMG’s website for more information at [Redacted].
FSMG sincerely apologizes for any inconvenience this incident may cause to members of its community and remains dedicated to maintaining the security and protection of all patient information in its control.