Planned Parenthood Ransomware Attack Affects 56,917 Patients
Planned Parenthood of Montana has shared further information on the RansomHub ransomware attack that was first announced in early September. When the security breach was announced, the investigation was still in the early stages, and it was unclear if the ransomware group had stolen any patient data. Planned Parenthood has now confirmed that the protected health information of 56,917 individuals was stolen in the attack.
As previously announced, suspicious activity was identified within its computer network on August 28, 2024. An investigation was launched and on September 6, 2024, it was confirmed that unauthorized actors had accessed its network and exfiltrated copies of documents that contained some patient information. The ransomware group had access to its network and exfiltrated files between August 24, 2024, and August 28, 2024.
The files were reviewed over the following weeks to determine the types of information involved. Planned Parenthood has now confirmed that the compromised data included names, addresses, dates of birth, medical record numbers, health insurance information, and/or clinical information, including provider name(s), date(s) of service, diagnosis information, treatment information, and/or prescription information.
Planned Parenthood said extensive security measures had been implemented before the attack, and steps will be taken to improve those security measures to prevent similar incidents in the future. Notification letters were sent to the affected individuals on November 5, 2024, and a dedicated call center has been established for anyone with questions about the incident – (888)-479-9996. The number is manned Monday to Friday, from 6.00 a.m. to 4.00 p.m. Mountain Time.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Sept 5, 2024: Planned Parenthood Falls Victim to RansomHub Ransomware Attack
The Ransom Hub ransomware group’s assault on the healthcare industry continues. Yesterday, RansomHub added the New York-based reproductive healthcare provider Planned Parenthood to its data leak site and claims to have stolen 93 GB of data in the attack. Martha Fuller, president and CEO of Planned Parenthood of Montana, confirmed that a cyberattack was detected on August 28, 2024. Immediate action was taken to prevent further unauthorized access and to contain the attack by taking parts of its network offline. Efforts are ongoing to restore the affected systems, but it is not yet possible to confirm whether any patient data was stolen in the attack.
Any data theft incident at a healthcare provider puts the affected individuals at risk; however, an attack on a provider of reproductive healthcare and sexual health services can have more serious implications for the affected individuals due to the sensitivity of the data held. In addition to the risk of identity theft and fraud, cybercriminals could attempt to extort patients directly and the release of sensitive information could even have legal ramifications for individuals, such as patients who have been seeking or had abortion procedures.
RansomHub added Planned Parenthood to its dark web data leak site on September 4, 2024, and published screenshots of administrative, financial, and legal documents as evidence of the attack. No patient information has been uploaded to the data leak site at the time of writing. Planned Parenthood was given 7 days to respond to prevent the publication of the stolen data. This is not the first ransomware attack to be experienced by Planned Parenthood. In 2021, the Los Angeles Office fell victim to an attack involving the protected health information of 400,000 individuals, and its Metropolitan Washington branch suffered a hacking incident in 2020.
Ransom Hub is a relatively new ransomware group that was first identified in February 2024. The ransomware-as-a-service group has already conducted more than 210 attacks, according to a recent joint cybersecurity advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS). The group has been actively recruiting affiliates from the now defunct ALPHV/Blackcat group, as well as the LockBit ransomware group, and attacks have been increasing, with healthcare victims including the Florida Department of Health and Rite Aid. RansomHub also attempted to extort Change Healthcare following its Blackcat ransomware attack after obtaining a copy of the data from the former Blackcat affiliate who conducted the attack. According to Searchlight Cyber, Ransom Hub was the third most active ransomware group in H1, 2024.
