Substitute Notice for HIPAA Breach Notification
On February 25, 2023, IVF Michigan and Ohio Fertility Centers (“IVF Michigan”) became the victim of a ransomware attack involving cyber criminals encrypting server data and demanding a ransom payment in exchange for decryption keys to recover the information. IVF Michigan’s security systems automatically responded to the attack almost immediately. In accordance with the emergency protocol, IVF Michigan’s systems were scanned, shut down, and disconnected from the internet.
IVF Michigan became aware of the attack on February 28, 2023, and immediately launched an investigation into the nature and scope of the incident. Steps have been, and are currently being, taken to contain and remediate any potential harm. Upon initial notice that systems were compromised, our software services vendor immediately launched an incident response procedure to contain any existing threat and limit any potential harm.
On February 28, 2023, it was determined with reasonable certainty that certain files were accessed without authorization and likely exfiltrated. As of today, we are aware that some of the files involved in this incident likely contain the following protected health and other information, although there is no indication that the information has been used for any illegal purposes:
- Clinical and health information: diagnosis/conditions, lab results, medications and other related treatment information
- Demographic and other personal information: Name, address/ZIP, date of birth, driver’s license and social security number
- Financial information: Claims information and credit card/bank account numbers
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requires IVF Michigan to notify potentially affected individuals of unauthorized disclosures of personal information. IVF Michigan notified impacted individuals by mail on August 4, 2023. This message constitutes substitute service for those individuals we attempted to notify but were unable to reach.
IVF Michigan takes this cyber-attack very seriously. While this letter serves as notification of the cyber incident, we and our experts are continuing to diligently assess the situation and will provide an update should we obtain any additional information regarding the compromise of your personal information.
If you have any questions or believe you may have been one of the individuals with an unknown address, please contact us by phone at 1-888-411-6462, email at [email protected], or by mail at Bloomfield Hills Fertility Center, 37000 Woodward Ave., Suite 350, Bloomfield Hills, MI 48304.
For a PDF copy of this notice, click here.