Data from a private fertility clinic has been put at risk following a ransomware attack that hit a document management firm.
The Lister Fertility Clinic said that Stor-a-file Limited, which the clinic uses for scanning medical records, had been “hacked” by a “cyber-gang” in a letter that it sent to its 1700 patients.
The document management firm revealed that 13 organizations had been impacted, with six being healthcare-related.
While it had informed the police and the Information Commissioner’s Office, Store-a-file Limited said that the possibility hackers accessed medical information “cannot be ruled out.”
“From our investigations, the incident is limited to the small number of records we hold electronically,” it said.
In a letter that The Lister Fertility Clinic sent to its 1700 patients, it said that patient medical records were on the Stor-a-file IT system affected by the attack. The medical records included consent forms, medical history and test results, treatment recommendations and fertility treatment records. Credit or debit card details were not included.
“We were advised by Stor-a-file that the cyber-gang that accessed their systems made a ransom demand which was not paid, and that the gang has released some of the data that they accessed on the dark web,” it added.
Commenting on the news, George Papamargaritis, MSS Director of Obrela Security Industries, said: “This is a devastating cyber-attack. The information could be used in further extortion attacks or sold on the dark web, with healthcare information earning cyber-criminals much more money than credit card data.
“Healthcare organizations have recently become a major target for cyber-criminals, with a recent study from Obrela revealing that 81% of UK healthcare organizations have suffered a ransomware attack in the last year, which resulted in 38% paying a ransom demand.
“Given these increased attacks, healthcare organizations must work to prioritize their cybersecurity now, by implementing tools which prevent prioritize getting into systems and deploying malware, while always verifying the security of their supply chain.”