California Cryobank (CCB), one of the world’s largest reproductive tissue banks, has begun informing consumers about a data breach impacting an unspecified number of individuals. The biotechnology company reported detecting unauthorized activity on certain computers on 21 April last year, and subsequently isolated them from its IT network.
Protecting Data Confidentiality
In a statement, the company said it is committed to protecting the confidentiality and security of the information it maintains. “CCB recently completed our investigation of an incident that involved unauthorized activity on certain computers in our information technology (“IT”) environment.
Upon identifying the activity, it said it isolated the computers from its IT network and launched an investigation. “Through our investigation, CCB determined that an unauthorized party gained access to our IT environment and may have accessed and/or acquired files maintained on certain computer systems between 20 April and 22 April 2024. Out of an abundance of caution, CCB undertook a comprehensive search and review of the files that may have been accessed and/or acquired as a result of the incident.”
The company said its investigation revealed that certain files that were potentially accessed and/or acquired as a result of the incident contain some customer information, including names, and possibly bank account and routing numbers, payment card numbers, and/or health insurance information.
“To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems, CCB said.
It also advised customers to review the statements they receive from their healthcare providers and health insurance plans. “If you see any services that were not received, please contact the provider or health plan immediately. We encourage you to remain vigilant about the possibility of fraud by reviewing your financial account statements for any suspicious activity. You should immediately report any suspicious activity to your financial institution.”
Implement or Re-architect Security Programs
Yogita Parulekar, CEO of Invi Grid Inc, said: “I was about to chalk this off as yet another breach, when I noticed that the Cryobank’s website tells users to create a free account and get donors’ childhood photos, medical histories or get genetic testing and DNA ancestry information. Details are not yet clear on whether any of the PII breached can be linked back to the anonymized donor information. Also, haven’t we seen AI convert childhood photos to adult images of the person? All companies with health, medical or genetic information must act urgently to implement or re architect their security programs.”
“One of the good things about this event, is the security did the right thing by isolating the systems quickly,” added Lawrence Pingree, VP of Dispersive. “What I’d recommend is that all systems be isolated all of the time, so minimal zero trust focused programs should micro-segment by default. Upgrading from older authentication protocols such as Kerberos also helps.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.