fbpx

US Fertility Ransomware Attack Data Breach Class Action

The complaint for this class action calls US Fertility “one of the largest services networks for fertility clinics” in the US, “providing administrative, clinical, and business information services.” As part of its work, US Fertility collects a great deal of personal and medical information on fertility patients. However, the complaint alleges that the company did not take adequate measures to protect the information, allowing it to experience a ransomware attack between August 12 and September 14, 2020.

People who use the services of US Fertility are required to provide the company with personally identifying information (PII) in exchange for its health care services. Among the pieces of information US Fertility holds are birthdates, Social Security numbers, driver’s license numbers, treatments and diagnoses, credit and debit card numbers, and financial account information.

The complaint alleges, “Infertility is particularly sensitive and private and those going through treatments to have a baby have reasonable expectations that their PII will be protected and remain confidential.” According to the complaint, this expectation was reinforced by promises made at clinics “that their PII would be kept confidential and used only in accordance with publicly available privacy policies.

Even so, hackers gained access to the PII from around August 12 to around September 14, 2020. US Fertility, however, did not tell patients immediately. Instead, it waited until November 2020 to start telling them. It apparently told them that hackers had gained access to the data before the company became aware of it.

The complaint makes a couple of flat statements about the hack: “US Fertility maintained patient PII in a negligent or reckless manner by storing it on its computer network in a condition it knew or should have known was vulnerable to cyberattacks and US Fertility failed to disclose that it did not have adequately robust computer systems and security practices to safeguard PII.” Also: “US Fertility further failed to properly train its employees and monitor the computer network and systems that housed patient PII, in order to timely discover the Data Breach and implement immediate remedial measures.”

This opens patients up to the dangers of identity theft and fraud in their names.

Three possible classes have been defined for this action:

  • The Nationwide Class is all persons living in the US whose PII was accessed in the data breach.

In the alternative are two other classes:

  • The Maryland-Only Class is all persons living in Maryland whose PII was accessed in the data breach.
  • The Virginia-Only Class is all persons living in Virginia whose PII was accessed in the data breach.
Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

US Fertility Ransomware Attack Data Breach Complaint

March 15, 2021

The complaint for this class action calls US Fertility “one of the largest services networks for fertility clinics” in the US, “providing administrative, clinical, and business information services.” As part of its work, US Fertility collects a great deal of personal and medical information on fertility patients. However, the complaint alleges that the company did not take adequate measures to protect the information, allowing it to experience a ransomware attack between August 12 and September 14, 2020.

US Fertility Ransomware Attack Data Breach Complaint

Case Event History

US Fertility Ransomware Attack Data Breach Complaint

March 15, 2021

The complaint for this class action calls US Fertility “one of the largest services networks for fertility clinics” in the US, “providing administrative, clinical, and business information services.” As part of its work, US Fertility collects a great deal of personal and medical information on fertility patients. However, the complaint alleges that the company did not take adequate measures to protect the information, allowing it to experience a ransomware attack between August 12 and September 14, 2020.

US Fertility Ransomware Attack Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy