Planned Parenthood Breach: 400K Patients’ Personal, Clinical Data Stolen in Ransomware Attack

Abortion rights advocates supporters and staff of Planned Parenthood hold a rally outside
Saul Loeb/AFP/Getty Images
Dr. Susan Berry

The personal and clinical information of about 400,000 patients of Planned Parenthood Los Angeles (PPLA) was stolen in October in a ransomware attack, the organization announced Wednesday.

In letters and emails sent to patients November 30 to notify them about the attack, Planned Parenthood wrote the files involved in the breach contained patients’ names, addresses, insurance information, dates of birth, and clinical data, such as diagnosis, procedure, and/or prescription information, the Daily Mail reported.

“The breach is staggering both for the number of victims and for the highly personal information hackers stole, which could identify people who’ve had abortions and other procedures,” the Washington Post noted as well Thursday.

According to the letter to patients, PPLA “identified suspicious activity” on its computer network on October 17.

The organization wrote it “immediately took our systems offline, notified law enforcement,” and hired a “third-party cybersecurity firm” to assist in an investigation.

WASHINGTON, DC - JULY 26: House Minority Leader Nancy Pelosi (D-CA) speaks to the crowd during a protest against the GOP health care plan, on Capitol Hill, July 26, 2017 in Washington, DC. GOP efforts to pass legislation to repeal and replace the Affordable Care Act, also known as Obamacare, were dealt setbacks when a mix of conservative and moderate Republican senators joined Democrats to oppose procedural measures on the bill. (Photo by Drew Angerer/Getty Images)

House Minority Leader Nancy Pelosi (D-CA) speaks to the crowd during a protest against the GOP health care plan, on Capitol Hill, July 26, 2017, in Washington, DC. (Photo by Drew Angerer/Getty Images)

The letter stated the investigation revealed “an unauthorized person gained access to our network” between October 9 and October 17 and “exfiltrated some files from our systems during that time.”

In a section of the letter titled, “What You Can Do,” Planned Parenthood told patients:

At this time, we have no evidence that any information involved in this incident has been used for fraudulent purposes. However, in an abundance of caution, we wanted to notify you of this incident and assure you that we take this very seriously. It is always a good idea to review statements you receive from your health insurer and health care providers. If you see charges for services you did not receive, please call the insurer or provider immediately.

Meanwhile, Planned Parenthood said it will “take steps to enhance our existing security measures” including “increasing our network monitoring” and hiring additional cybersecurity personnel.

“It is unclear whether the Planned Parenthood plans to pay off the hackers that stole the names, addresses, contact information and medical records of their patients,” the Daily Mail noted.

COMMENTS

Please let us know if you're having issues with commenting.