Attackers broken into a Planned Parenthood network and accessed medical records or other sensitive data for more than 400,000 patients of the reproductive health care group.
The disclosure came in a sample letter posted to the California attorney general’s website and a release published by the organization. The intrusion and data theft was limited to patients of Planned Parenthood’s Los Angeles. Organization personnel noticed and conducted an investigation.
The investigation determined that an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from systems during that time. On November 4, 2021, we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.
The release said that the intruder “installed malware/ransomware and exfiltrated some files from its systems during that time.” The organization said it has no evidence the stolen data has been used for fraudulent purposes.
Ransomware has become a scourge that hits both Fortune 500 firms and small nonprofits alike. The criminals behind the attacks routinely extort money, with the threat to not only lock up victims’ computer networks, but also to leak sensitive data online if the ransom goes unpaid. There are no reports of any of the Planned Parenthood data being published.
Word of the latest Planned Parenthood attack comes as the availability of abortions in many states has come under threat in state legislatures. The US Supreme Court heard oral arguments in a case challenging the constitutionality of a Mississippi law that effectively bans the procedure after 15 weeks of pregnancy.