Cyber-attack on Planned Parenthood
A cyber-attack on Planned Parenthood Los Angeles (PPLA) has resulted in the exposure of patients’ personally identifying information (PII).
The agency said in a notice posted to its website on Wednesday that suspicious activity was detected on its computer network on October 17.
An investigation into the activity remains ongoing; however, it has been determined that an unauthorized person broke into PPLA’s system between October 9, 2021, and October 17, 2021.
PPLA said that during the attack “malware/ransomware” was installed on its network and “some files” were exfiltrated from its systems.
A review of the compromised files found that patient data had been accessible to the threat actor.
“On November 4, we identified files that contained certain patients’ names, and one or more of the following: dates of birth, addresses, insurance identification numbers, and clinical data, such as diagnosis, treatment, or prescription information,” wrote PPLA.
PPLA operates 21 health centers in the Southern California city. The Sacramento Bee reports that 400,000 PPLA patients were impacted by the attack.
PPLA spokesperson John Erickson told the Washington Post that the cyber-attack appeared to be part of a ransomware extortion scheme, in which hackers encrypt files and demand a ransom for a decryption key.