Planned Parenthood Los Angeles (PPLA) suffered a ransomware attack that exposed the personally identifiable information of 400,000 patients.
- Reproductive healthcare non-profit Planned Parenthood Los Angeles (PPLA) notified its patients that a breach had occurred between October 9 and 17.
- An unauthorised person gained access to the network and database with information on 400,000 users was stolen.
Planned Parenthood Los Angeles (PPLA) suffered a ransomware attack that exposed the personally identifiable information of 400,000 patients.
According to the statement, on October 17, staff members first noticed suspicious activity on their computer network. PPLA took its systems offline, notified law enforcement and hired a third-party cybersecurity firm to help investigate.
"The investigation determined that an unauthorized person gained access to our network between October 9, 2021, and October 17, 2021, and exfiltrated some files from our systems during that time, " explained the notification sent to affected patients.
However, it wasn't until November 4 that PPLA determined that the stolen files contained patients' personal data, including their "address, insurance information, date of birth, and clinical information, such as diagnosis, procedure or prescription information."
The Washington Post first reported the data breach on Wednesday.
PPLA spokesperson John Erickson said the stolen files contained the personal data of approximately 400,000 patients and was caused by a ransomware attack.
It is unknown what ransomware gang is responsible for the attack and whether a ransom has been paid.
Planned Parenthood Los Angeles said that there is no evidence so far that any patients’ information was employed for fraudulent purposes, and it was notifying patients whose data was accessed.
According to the statement, Planned Parenthood Los Angeles has taken steps to enhance security measures and protect patients’ information, such as increasing network monitoring, working with an external cybersecurity firm, and hiring additional cybersecurity resources and personnel.
“Patients are encouraged to review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive,” the statement said.
According to the statement, the hack was confined to Planned Parenthood Los Angeles and didn’t affect any other affiliates.
“PPLA takes the safeguarding of patients’ information extremely seriously and deeply regrets that this incident occurred and for any concern, this may cause, ” said the statement.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?