IVF Michigan, P.C.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

IVF Michigan, P.C., experienced a significant data breach that was first identified on February 28, 2023, following a ransomware attack initiated on February 25, 2023. This cyberattack involved unauthorized access to the clinic’s server data, which was encrypted by cybercriminals demanding a ransom for decryption keys. The clinic’s security systems responded promptly to the attack, leading to immediate measures including scanning, shutting down, and disconnecting the compromised systems from the internet to contain and mitigate potential harm[1].

The breach investigation revealed that certain files were accessed without authorization and were likely exfiltrated. The compromised data included sensitive protected health information (PHI) and personal information of an unspecified number of individuals. The types of information potentially exposed in the breach encompassed clinical and health information such as diagnoses, lab results, medications, and treatment details, along with demographic and personal information including names, addresses, dates of birth, driver’s license numbers, and social security numbers. Financial information such as claims data and credit card or bank account numbers was also likely accessed[1].

In response to the breach, IVF Michigan took several steps to address and remediate the incident, including notifying impacted individuals by mail on August 4, 2023, and providing substitute notice for those they were unable to reach directly. The clinic has emphasized its commitment to taking the cyberattack seriously and continues to assess the situation diligently, promising to update affected individuals if new information regarding the compromise of their personal information emerges[1].

For individuals concerned they might be affected by this breach, IVF Michigan has provided contact information for inquiries and further assistance. They have also recommended steps for affected individuals to protect their personal information, such as enrolling in free credit monitoring services offered by the clinic, changing passwords and security questions for online accounts, regularly reviewing account statements, monitoring credit reports, and placing a fraud alert with credit bureaus[1][4].

This incident underscores the growing threat of cyberattacks on healthcare providers and the importance of robust cybersecurity measures to protect sensitive patient information.

Citations:

  1. https://ivf-mi.com/2023/08/07/notice-of-data-breach/
  2. https://buckfirelaw.com/case-types/medical-malpractice/hospital-data-breach/
  3. https://www.courts.michigan.gov/4a52d3/siteassets/publications/coa-bound-volumes/bv_miapp294_final.pdf
  4. https://www.turkestrauss.com/2023/08/16/ivf-michigan-ohio-fertility-centers-data-breach-investigation/
  5. https://dojmt.gov/consumer/databreach/
  6. https://buckfirelaw.com/case-types/medical-malpractice/failure-to-diagnose/
  7. https://ivf-mi.com/blog/
  8. https://www.hipaajournal.com/september-2022-healthcare-data-breach-report/
  9. https://www.courts.michigan.gov/490ae0/siteassets/publications/benchbooks/cpp/cpp.pdf
  10. https://buckfirelaw.com/case-types/medical-malpractice/fertility-clinics/
  11. https://buckfirelaw.com/case-types/medical-malpractice/misdiagnosis/
  12. https://ivf-mi.com/2023/04/11/grand-rapids-fertility-center/
  13. https://kindbody.com/terms-of-use-2024/
  14. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  15. https://www.sciencedirect.com/science/article/pii/S0015028223005198
  16. https://ivf-mi.com/2022/07/25/happy-world-embryologist-day/
  17. https://ivf-mi.com
Breach Submission Date Jul 18, 2023
Converted Entity Name IVF Michigan, P.C.
Converted Entity Type Healthcare Provider
State MI
Individuals Affected 9,383
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes