Ransomware Attack on Planned Parenthood Compromises Data on Over 400,000 Patients

A ransomware assault on the Los Angeles branch of Planned Parenthood has compromised knowledge on roughly 400,000 sufferers, the group revealed this week. The breach, which entails delicate data on a surprisingly massive variety of sufferers, has come to mild simply as a Supreme Court drama regarding ladies’s reproductive rights performs out in Mississippi.

According to the Washington Post, which initially reported the breach, the assault befell in October, although PPLA solely not too long ago found that affected person knowledge had been affected and subsequently despatched out notifications.

“On October 17, 2021, we identified suspicious activity on our computer network. We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation,” reads an obligatory breach notice filed with the California Attorney General’s workplace.

In an announcement shared with Gizmodo by PPLA spokesman John Erickson, the group stated that investigation had proven an “unauthorized person” gained entry to the group’s community between Oct. 9 and Oct. 17 and “installed malware/ransomware and exfiltrated some files from its systems during that time.”

Over the previous yr, ransomware assaults have reached epidemic proportions in America. Malware-fueled incidents involving the meals and beverage trade, power sector, state and native authorities, and just about each different realm of public life have saved the nation in a state of high-frequency nervousness—one thing the Biden administration has repeatedly promised to do one thing about.

In Planned Parenthood’s case, it might seem that the information that was stolen is sort of intensive. The PPLA not too long ago despatched out notifications to sufferers, warning them that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.” Aside from the clearly invasive nature of the breach, such knowledge might fairly simply be utilized in id fraud.

Bleeping Computer notes that it’s at present unclear which ransomware gang was behind the assault. From the accessible reporting, it’s additionally not clear if PPLA found a ransom notice, is in lively communication with the hacker gang, or whether or not they have paid a ransom. It’s attainable {that a} particular gang could quickly declare accountability for the assault, after which, if PPLA has not but paid, they might probably start leaking the stolen knowledge—a common extortion tactic utilized by cybercriminals.

The assault on the ladies’s well being group has occurred simply as a combat over ladies’s reproductive well being unfolds within the Supreme Court. The court docket is at present contemplating whether or not to uphold or overturn a Mississippi legislation handed by the state’s legislature in 2018, the Gestational Age Act, which bans abortions after 15 weeks of being pregnant with out making exceptions for rape and incest. The legislation has deeply alarmed abortion rights activists—with many claiming that the authorized combat over this legislation might successfully overturn Roe v. Wade, the landmark abortion rights case. As of proper now, it seems that the court docket will likely uphold the law.