
Sensitive Personal Info on 400K Patients Data Lifted
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Planned Parenthood Los Angeles (PPLA) has reported a data breach. PPLA says that the organization noticed suspicious activity on its IT network on October 17, 2021, and took immediate action to stop the attack. However, sensitive patient data was stolen.
Attackers gained access to the Planned Parenthood LA’s network between October 9, 2021 and October 17, 2021. The hackers installed ransomware and exfiltrated files.
According to their website, the stolen data includes name and one or more of the following –
- Address,
- Insurance information,
- Birthdate, and
- Clinical information like diagnosis, procedures, or prescription information
A PPLA spokesperson, John Erickson, told the Washington Post that the security incident is confined to the Los Angeles affiliate office. Erickson added that the data breach impacts about 400,000 patients.
“While at this time, we have no evidence that any information involved in this incident has been used for fraudulent purposes, out of an abundance of caution, PPLA is mailing notification letters to patients whose information was contained in documents that were exfiltrated from our systems,” says a statement on the PPLA website.
Ransomware is a type of malware that infects a computer or an entire IT network and then encrypts every file stored on them. It may also take control of the system and allow the attacker to install more malware or communicate with the victim. Control of the system and the encrypted files is not relinquished until the ransom is paid, which may increase as time passes or if the victim attempts to remove the ransomware.
The ransomware used in the PPLA attack is the same one used against Colonial Pipeline earlier this year. In the security incident, Colonial Pipeline’s infrastructure was crippled for a week because of a DarkSide ransomware attack.
Colonial eventually paid the $5 million ransom to regain control of their systems.
The US Federal Bureau of Investigation (FBI) was able to recover some of the paid ransom.
Currently, there is no evidence that the stolen personal data has been used for malicious purposes. Stolen personal data such as email address, job title, and phone number are typically used in future scams and cyberattacks such as phishing email attacks, identity theft, income tax fraud, and more. Cybercriminals use information exfiltrated during multiple data breaches to build a database of stolen personal data.
The investigation into this attack is ongoing.