Ransomware attack on Planned Parenthood steals data of 400,000 patients
Ransomware hackers broke into a Planned Parenthood network
and accessed medical records or other sensitive data for more than 400,000
patients of the reproductive health care group.
The disclosure came in a sample letter posted to the
California attorney general’s website and a release published by the
organization. Both said that the intrusion and data theft was limited to
patients of Planned Parenthood’s Los Angeles chapter. Organization personnel
first noticed the hack on October 17 and conducted an investigation.
“The investigation determined that an unauthorized person
gained access to our network between
October 9, 2021 and October 17, 2021, and exfiltrated some
files from our systems during that time,” the letter stated. It went on to say:
“On November 4, 2021, we identified files that contained your name and one or
more of the following: address, insurance information, date of birth, and
clinical information, such as diagnosis, procedure, and/or prescription
information.”
The release said that the intruder “installed
malware/ransomware and exfiltrated some files from its systems during that
time.” The organization said it has no evidence the stolen data has been used
for fraudulent purposes. Planned Parenthood of Los Angeles spokesman John
Erickson didn’t respond to a question asking if the organization could rule out
that possibility.
Ransomware has become a scourge that hits both Fortune 500
firms and small nonprofits alike. The criminals behind the attacks routinely
extort money, with the threat to not only lock up victims’ computer networks,
but also to leak sensitive data online if the ransom goes unpaid. There are no
reports of any of the Planned Parenthood data being published.
Comments
Post a Comment