Planned Parenthood of Los Angeles Hacked
Patient information from over 400,000 Planned Parenthood Los Angeles visitors has been stolen in an attack. Planned Parenthood Los Angeles found suspicious activity on its computer network in October. In response to the breach, the organization notified law enforcement and a third-party investigative team, which is currently conducting an investigation into the breach. The security team found that a hacker accessed the PPLA network between October 9 and 17, installed malware and ransomware and stole files containing patient data from the Planned Parenthood system.
The compromised files contain patient names and information such as birth dates, addresses, insurance information and clinical data including diagnosis and treatment information. The data is highly sensitive since Planned Parenthood offers a variety of sexual health services, including annual well-woman exams, birth control, cervical and testicular cancer screenings, prenatal care, sexual education, vasectomies, and abortions. Some security experts think that the hack may be politically motivated since it happened on the eve of oral arguments being delivered in a landmark Supreme Court case about abortion rights. While it's not clear if this incident was politically motivated, Planned Parenthood has been subject to hacktivist before, including an incident in 2015 that resulted in the data of hundreds of employees being posted online. Earlier this year, the Metropolitan Washington branch disclosed a 2020 breach where hackers stole patient and donor dates of birth, medical data, and Social Security and financial information.
The data may have been stolen as part of an extortion attempt where the hackers threaten to publicly post the data unless a ransom is paid. The PII/PHI that has been stolen from Planned Parenthood may go beyond the usual hacker's desire for identity data to resell on the Dark Web. Given that the theft was coupled with medical background and procedure data, the ramifications of malicious use of this data have a huge potential for damage. The hackers could mount phishing attacks asking patients to confirm their billing information.
Patients should review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive. Planned Parent Hood of Los Angeles increased their network monitoring and hired more security experts in light of the hack.