Skip to main content

Planned Parenthood data breach exposes 400,000 patients

Data Breach
(Image credit: Shutterstock)
Audio player loading…

Reproductive healthcare non-profit Planned Parenthood Los Angeles (PPLA) has suffered a ransomware (opens in new tab) attack that exposed the personally identifiable information of hundreds of thousands of patients.

The organization recently notified its patients that a breach had occurred between October 9 and 17, during which a database (opens in new tab) with information on 400,000 users was stolen. According to the announcement, the company has taken the usual steps to minimize the damage.

"On October 17, we identified suspicious activity on our computer network. We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation," explained PPLA.

"The investigation determined that an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time."

The crooks made away with sensitive patient data, including addresses, insurance information, birth dates, and clinical information, the organization confirmed.

The identity of the ransomware group responsible for the attack has not been disclosed.

Ransomware, data theft, DDoS, threats

Ransomware attacks are usually a multi-step process. First, employees are targeted with phishing, spear-phishing or social engineering attacks that, if successful, provide attackers with login credentials for the organization's network.

The malicious actors often lurk within the target network for weeks, identifying and slowly extracting sensitive data (opens in new tab). Only once enough sensitive data has been extracted do the criminals deploy actual ransomware and encrypt the data on the target network. 

A ransom is then demanded from the victim, usually in cryptocurrency, in exchange for the decryption key. Given that more and more companies have started deploying backups to combat ransomware, crooks also threaten to release the data online, if their demands are not swiftly met.

These threats are often paired with Distributed Denial of Service (DDoS) attacks, and phone threats, as well. 

Via Bleeping Computer (opens in new tab)

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.