400,000 Patients Potentially Affected by Planned Parenthood Ransomware Attack

Planned Parenthood has recently announced it was the victim of a ransomware attack in October that affected its Los Angeles branch.

According to the announcement, a ransomware gang gained access to the network between October 9, 2021, and October 17, 2021, and deployed ransomware to encrypt files. A ransom demand was then issued, payment of which was required to obtain the keys to decrypt data. Prior to using ransomware, certain files were exfiltrated from its systems and were used as leverage to get Planned Parenthood to pay the ransom. It is currently unclear if the ransom was paid but, at the time of writing, the stolen files do not appear to have been published on any ransomware gang’s data leak site.

The ransomware attack was detected by Planned Parenthood Los Angeles on October 17, 2021, and steps were immediately taken to secure its network and investigate the security breach. When it was confirmed that files had been stolen, a review was conducted to determine the types of information that had been compromised.  On November 4, 2021, it was confirmed that some of the stolen files contained patient information.

The types of information contained in the files varied from patient to patient and may have included names, addresses, dates of birth, diagnosis, health insurance information, and medical information, including details of the procedures that had been performed and any prescriptions provided. The cyberattack has been reported to law enforcement and the investigation into the security breach is ongoing.

Planned Parenthood Los Angeles said 409,759 patients have potentially been affected and will be notified by mail and advised of the steps they can take to prevent misuse of their information. Planned Parenthood said there are no indications that any stolen patient information has been misused to date.

Planned Parenthood has taken steps to augment its existing security measures to prevent further cyberattacks, including enhancing monitoring of its network and hiring additional staff members to bolster its cybersecurity team.

“The type of data that bad actors exfiltrated from Planned Parenthood victims is extremely dangerous in the hands of criminals. PII like addresses and dates of birth is one thing, but coupled with clinical information – that can be disastrous. Tying these kinds of sensitive medical data back to individuals can open them up to fraudulent medical scams and also fraudulent insurance claims,” said Paul Laudanski, head of threat intelligence at email security firm Tessian.

This is not the first time Planned Parenthood has experienced a cyberattack. Patient infomation was stolen in a hacking incident that affected its Metropolitan Washington branch in 2020, and hacktivists breached its systems in 2015 and obtained the names and addresses of hundreds of its patients.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.