25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

New Jersey IVF Clinic Hack Sees PHI of 14,000 Patients Potentially Compromised

Posted By on May 10, 2017

A third-party server hosting the electronic health record database of the New Jersey Diamond Institute for Infertility and Menopause has been hacked and access gained by an unauthorized individual.

The Diamond Institute says its database and EHR system was encrypted, so the attackers were unable to access patient health records, although many unencrypted supporting documents were also stored on the server and may have been accessed.

It is unclear when the attack took place, although the Diamond Institute learned of the cyberattack on February 27, 2017. A full investigation was rapidly initiated and steps taken to secure the server to prevent further unauthorized activity.

The investigation involved checking all documents to determine the patients impacted and the types of data that could potentially have been viewed or copied. The documents were found to contain a limited amount of protected health information relating to more than 14,000 patients. Those data included patients’ names, addresses, birth dates, Social Security numbers, sonograms and lab test results.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach has prompted the Diamond Institute to perform a full password reset and update its firewall to prevent similar attacks from occurring in the future. Virtual network credentials have also been changed and all unused open ports have now been closed.

The investigation did not uncover any evidence to suggest that information contained in the documents has been misused as a result of the incident, although patients have been provided with resources to protect their identities and prevent future fraudulent uses of their data.

Since highly sensitive protected health information has potentially been accessed and copied by the attackers, out of an abundance of caution, all patients affected by the security breach are being offered credit monitoring and identity theft restoration services for 12 months without charge.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights shows 14,633 individuals have been impacted by the incident.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist