400,000 Planned Parenthood Patients Potentially Impacted by Ransomware Attack

Planned Parenthood has lately reported it had encountered a ransomware attack last October which impacted its branch in Los Angeles.

As per the report, a ransomware group obtained access to the system from October 9, 2021 to October 17, 2021, and used ransomware for encrypting files. The attacker issued a ransom demand in exchange for the keys for decrypting files. Before ransomware deployment, the attackers exfiltrated selected files from the systems, which were used as leverage to pressure Planned Parenthood to give ransom payments. It is presently uncertain whether the ransom had been paid, however, during the time of writing, there were no stolen files published on the ransomware group’s data leak website.

Planned Parenthood Los Angeles detected the ransomware attack on October 17, 2021, and took steps immediately to protect its system and look into the security breach. Upon confirmation that files were stolen, the entity conducted a review to find out the types of data that were affected. It was confirmed on November 4, 2021 that a number of the stolen files included patient data.

The types of data included in the compromised files were different from one patient to another. The following may have been affected: names, addresses, birth dates, diagnosis, medical insurance data, and medical details, such as specifics of the procedures that were done and any prescription medications given. Planned Parenthood has reported the cyberattack to law enforcement and the security breach investigation is still ongoing.

A Planned Parenthood Los Angeles spokesperson stated about 400,000 patients were potentially impacted and will get notification letters by mail with instructions on how to avoid data misuse. Planned Parenthood mentioned there are no reports of misuse of any stolen patient data thus far.

Planned Parenthood has undertaken steps to enhance its current security procedures to avoid more cyberattacks, which include improving monitoring of its system and employing more staff members to strengthen its cybersecurity group.

The type of information exfiltrated from the victims of Planned Parenthood is very dangerous in the possession of criminals. Bad actors can use PII such as addresses and birth dates, along with clinical data, for fraudulent medical scams as well as bogus insurance claims, according to Paul Laudanski, email security company Tessian’s head of threat intelligence.

This cyberattack is not the first for Planned Parenthood. In 2020, patient data had been stolen during a hacking incident on its Metropolitan Washington branch. In 2015, hacktivists also breached its systems and acquired the names and addresses of many patients.