ORM Fertility Data Breach Exposes PHI

On August 27, 2024, Oregon Reproductive Medicine, LLC, also known as ORM Fertility, experienced a significant data breach. The breach occurred over a two-day period, from August 26 to August 27, 2024, when an unauthorized actor accessed certain data from ORM Fertility's systems.

The breach did not affect the company's Electronic Medical Records (EMR), email, Customer Relationship Management system (CRM), or financial and insurance information. However, it potentially involved sensitive information such as first and last names combined with other data elements.

The breach was reported to the Massachusetts Attorney General's office on January 29, 2025, and affected at least four individuals in Massachusetts.

Oregon Reproductive Medicine's Response

In response to the breach, ORM Fertility took action to secure their systems and launched a thorough investigation with the help of third-party computer forensic specialists. They have implemented additional technical safeguards to prevent future incidents and are offering complimentary credit monitoring and identity protection services to those affected.

ORM Fertility advises individuals to remain vigilant by reviewing their credit reports and account statements for any suspicious activity. Affected individuals can enroll in these protective services by following the instructions provided in the notification letter.

For more information, affected individuals can contact ORM Fertility directly or visit their website.

For more detailed information about the breach, you can view the disclosure on the Massachusetts Attorney General's website.