EDINA, Minn. - A Twin Cities fertility clinic is warning clients about a data security incident that may have put personal information at risk.
CCRM Minneapolis, which is located in Edina, says the clinic's servers were targeted by a ransomware attack on October 3, which triggered an investigation to determine if sensitive information had been put at risk. The hacker reportedly demanded a ransom.
The probe confirmed that an unknown, unauthorized third-party may have breached the clinic's computer security and viewed or accessed patient information that was on the server. That information includes names, addresses, phone numbers, dates of birth, email addresses, Social Security numbers, driver’s licenses, insurance identification numbers and medical records.
Company spokeswoman Constance Rapson says nearly 3,300 patients were potentially affected.
Although at this time there is no evidence that patients’ information was actually accessed or viewed, or any indication of actual misuse of anyone’s information, we have taken steps to notify any patients who may have been impacted. .
"We take the privacy and security of patient information very seriously, and have taken steps to prevent a similar event from occurring in the future," read a release posted on the CCRM website.
Notification letters mailed to clients on December 1 include additional information about what happened and a toll-free number that patients can call to learn more about the incident. The call center is available at 1-800-939-4170 Monday through Friday between 6:00 a.m. and 5:00 p.m. Pacific Time.
"The privacy and protection of patient information is a top priority for CCRM Minneapolis, P.C., which deeply regrets any inconvenience or concern this incident may cause," read the statement.