IVF Clinics across the UK targeted by Russian hackers

By Iain McLean

Around 19 IVF centres have reported a breach into their systems and compromised patients’ data. 

The breach is believed to have been initiated on November 19th after Qilin, a Russian hacking group, boasted about it on the dark web. 

The London Women’s Clinic, a prestigious IVF clinic, confirmed they were one among the many targets. 

A former patient of the clinic said:  “It’s horrible to think my personal details could be part of a criminal database, with information it was hard to share even with a doctor potentially becoming public knowledge. Fertility challenges are already hard enough. 

“News that they have been hacked is a concern, as obviously the things you share and discuss in those consultations can be incredibly intimate and upsetting, and not the kind of thing you’d want to see plastered on the dark web.” 

The London Women’s Clinic has stated they’re still investigating how the breach happened, with assistance from cyber security experts. 

The Human Fertilisation and Embryology Authority (HFEA) and NHS England also confirmed the hack. 

Rachel Cutting, HFEA’s director of compliance and information, said: “The clinic has informed the HFEA of the incident in line with its regulatory requirements and is giving us regular updates during the course of their full investigation. 

“We appreciate that this incident may be concerning to patients. Any patients who have questions about the incident should contact the clinic. Patients can also access further support through the clinic’s counselling service.” 

A spokesperson for the London Women’s Clinic said: “We wish to reassure our patients that our technical teams took immediate action to shut the incident down, secure our IT systems and begin a thorough investigation with the support of leading cyber-security experts. 

“The incident was quickly contained, and we wish to assure our patients that our systems are secured, and we are operating as normal. 

“We have notified all relevant authorities, including law enforcement, Human Fertilisation and Embryology Authority (HFEA) and Information Commissioner’s Office (ICO) and are co-operating with them on their external investigations. 

“We understand how concerning this will be for our patients. To date, our investigations indicate that our Electronic Medical Records system has not been accessed.

“However we continue to assess any wider impact, and we will contact individuals directly as appropriate to provide support and guidance. 

“Any patients with questions should contact us directly.”

Many fear their information is no longer safe especially if such a prominent institution can be hacked. 

So, do you feel your information is safe?