Strauss Borrelli PLLC, a leading data breach law firm, is investigating Oregon Reproductive Medicine, LLC, which does business as ORM Fertility (“ORM”), regarding its recent data breach. The ORM data breach may have involved sensitive personal identifiable information and protected health information belonging to an undetermined number of individuals.
ABOUT OREGON REPRODUCTIVE MEDICINE, LLC D/B/A ORM FERTILITY:
ORM is a fertility center based in Oregon. Founded in 1989, ORM offers individuals and couples a wide variety of treatment options, such as genetic testing, advanced In Vitro Fertilization (IVF) technology, as well as an in-house genetics team and a highly selective, medically screened Donor Egg Program.2 Additionally, ORM is a partner of the Pinnacle Fertility network, a collaboration of over 25 high-performing fertility clinics and comprehensive fertility service providers.2 Headquartered in Portland, Oregon, ORM has an additional location in Oregon and employs over 50 individuals.
WHAT HAPPENED?
Recently, ORM announced that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed. According to the breach notice, on or around August 27, 2024, ORM experienced a network disruption that impacted certain systems.1 As a result, ORM launched an investigation to determine the nature of the incident.
Through its investigation, ORM confirmed that sensitive personal information in its systems may have been compromised by an unauthorized third-party between August 26 and August 27, 2024. As a result, ORM began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While exact type of personal information potentially exposed has not been made publicly available by ORM, it has confirmed that protected health information in its systems was impacted, including lab data and patient names.1 Additionally, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or state identification card number
- Passport number
- Financial account number, credit card number or debit card number, in combination with any required security code, access code or password that would permit access to a consumer’s financial account
- Data from automatic measurements of a consumer’s physical characteristics, such as an image of a fingerprint, retina or iris
- Health insurance policy number or health insurance subscriber identification number
- Medical information (e.g., medical history, mental or physical condition, medical diagnosis or treatment)
On October 25, 2024, ORM posted a notice of the incident on its website. Additionally, ORM plans to mail data breach notification letters to impacted individuals. Based on the website breach notice, ORM is providing affected individuals with a list of the specific types of sensitive information impacted. A link to the form breach notification that ORM posted to its website is below.
If you received a breach notification letter from Oregon Reproductive Medicine, LLC d/b/a ORM Fertility:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
