Illinois Fertility Centers Breached ! PII Stolen
Fertility clinics in northern Illinois has suffered a data breach following an unspecified cyberattack. The attack struck Fertility Centers of Illinois PLLCn with 79,943 current and former patients potentially having their personal information being stolen. Information accessed includes Social Security and passport numbers, payment card information, medical records, health insurance information, account numbers, user names and passwords.
PII relating to the company’s employees was also accessed. Patients and employees affected have been notified of the breach by mail and have been offered complimentary credit monitoring and identify theft protection services for 12 months.
The suspicious activity which involved a network server and an administrative account, was first detected on Feb. 1, with the company taking action to secure its systems. FCI then hired independent forensic investigators to determine the nature and scope of the security breach. This was happened during last year and now only coming in to limelight due to company not informed U.S Health Department
FCI has stated that they followed reasonable practices to protect their users and that an administrative account was used to obtain the data, But these higher privileged accounts often have access to widespread data and act as a single point of failure, as evidenced by the large amount of user data exposed.When these privileged accounts cannot be limited, then strong monitoring must be enforced.