Planned Parenthood Breach Opens Patients to Follow-On Attacks
Planned Parenthood’s Los Angeles division has suffered from a cyberattack, resulting in data theft and patient data compromised. According to Planned Parenthood, attackers accessed information such as addresses, insurance information, dates of birth, and clinical information such as diagnosis, procedures, and prescription information. Data from roughly 400,000 patients was stolen, according to the company. The instruction was detected on October 17, and the division subsequently took its systems offline. After conducting an initial investigation, they determined that the intruders had access to the network as early as October 9.
During the attack, malicious actors exfiltrated files containing clinical information. The clinical data is highly sensitive due to the nature of Planned Parenthood’s work, including birth control, prenatal care, sexual education, vasectomies, and abortions. Planned Parenthood stated that the attackers installed ransomware, however, it is unclear whether the installation was successful in encrypting files or if the organization paid a ransom to the threat actors.