A cyber-attack on Planned Parenthood Los Angeles (PPLA) has resulted in the exposure of patients’ personally identifying information (PII).
The agency said in a notice posted to its website on Wednesday that suspicious activity was detected on its computer network on October 17.
An investigation into the activity remains ongoing; however, it has been determined that an unauthorized person broke into PPLA’s system between October 9, 2021, and October 17, 2021.
PPLA said that during the attack “malware/ransomware” was installed on its network and “some files” were exfiltrated from its systems.
A review of the compromised files found that patient data had been accessible to the threat actor.
“On November 4, we identified files that contained certain patients’ names, and one or more of the following: dates of birth, addresses, insurance identification numbers, and clinical data, such as diagnosis, treatment, or prescription information,” wrote PPLA.
PPLA operates 21 health centers in the Southern California city. The Sacramento Bee reports that 400,000 PPLA patients were impacted by the attack.
PPLA spokesperson John Erickson told the Washington Post that the cyber-attack appeared to be part of a ransomware extortion scheme, in which hackers encrypt files and demand a ransom for a decryption key.
No evidence has been found to suggest that any of the compromised information has been used for fraudulent purposes.
PPLA is notifying impacted patients by mail and encourages those affected by the incident to review statements from their healthcare providers and insurers for suspicious activity.
“Ransomware continues to be a major issue for organizations around the world, especially now that data is stolen before being encrypted,” said Erich Kron, security awareness advocate at KnowBe4.
“This stolen data, and the threats by the ransomware gangs that perform the attacks to release it publicly, have contributed to the skyrocketing ransom amounts we are seeing.”
Kron added that the damage caused by this ransomware attack could be more than financial.
“In this case, very personal and private information related to very controversial procedures has been stolen, something that could directly impact the trust people have in the organization, especially if the data is released,” said Kron.