Ransomware attack on Planned Parenthood steals data of 400,000 patients

Ransomware hackers broke into a Planned Parenthood network and accessed medical records or other sensitive data for more than 400,000 patients of the reproductive health care group.

The disclosure came in a sample letter posted to the California attorney general’s website and a release published by the organization. Both said that the intrusion and data theft was limited to patients of Planned Parenthood’s Los Angeles chapter. Organization personnel first noticed the hack on October 17 and conducted an investigation.

“The investigation determined that an unauthorized person gained access to our network between

October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time,” the letter stated. It went on to say: “On November 4, 2021, we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

The release said that the intruder “installed malware/ransomware and exfiltrated some files from its systems during that time.” The organization said it has no evidence the stolen data has been used for fraudulent purposes. Planned Parenthood of Los Angeles spokesman John Erickson didn’t respond to a question asking if the organization could rule out that possibility.

Ransomware has become a scourge that hits both Fortune 500 firms and small nonprofits alike. The criminals behind the attacks routinely extort money, with the threat to not only lock up victims’ computer networks, but also to leak sensitive data online if the ransom goes unpaid. There are no reports of any of the Planned Parenthood data being published.


Comments