Planned Parenthood Says Hacker Compromised Information for 400,000 Patients

The group’s Los Angeles affiliate said it did not know who was responsible for the ransomware attack and did not believe any information had been used for “fraudulent purposes.”

Advertisement

Continue reading the main story

Supported by

Continue reading the main story

Planned Parenthood’s Los Angeles affiliate said this week that a hacker had compromised information for 400,000 patients in a ransomware attack, but it did not believe that the data had been used for “fraudulent purposes.”

The group said it did not know who was responsible for the attack, which came at a potentially momentous juncture in the debate over abortion rights.

The organization said that it had identified suspicious activity on its computer network on Oct. 17 and had taken its systems offline, notified law enforcement officials and engaged a cybersecurity firm to investigate.

The investigation, which was continuing, determined that an “unauthorized person” had gained access to the network between Oct. 9 and Oct. 17, installed ransomware and then withdrew files.

A review of those files found that they contained patients’ names, as well as dates of birth, addresses, insurance identification numbers and clinical data such as diagnosis, treatment or prescription information.

Planned Parenthood of Los Angeles said it had “no evidence that any information involved in this incident has been used for fraudulent purposes” but was notifying patients who were affected “out of an abundance of caution.”

“Unfortunately, we do not know the identity of the person responsible, which is not uncommon in these situations,” John M. Erickson, a spokesman for Planned Parenthood Los Angeles, said in an email on Wednesday. “However, we have no indication this was a targeted attack.”

The breach affected only the local Los Angeles Planned Parenthood affiliate, the group said. No data from the Planned Parenthood Federation of America or any other Planned Parenthood affiliate was compromised.

“PPLA takes the safeguarding of patients’ information extremely seriously, and deeply regrets that this incident occurred and for any concern this may cause,” the group said in a news release on Tuesday. The group said that in response to the attack, it had enhanced its security measures, increased the monitoring of its network and added cybersecurity personnel.

Ransomware attacks have become increasingly common and have hit big businesses, schools and universities, local governments, hospitals and the police. In many cases, hackers break into computer networks and lock up digital information until the victim pays for its release.

Planned Parenthood’s disclosure that it had been the victim of such an attack came at a potentially critical moment for the future of abortion rights.

On Wednesday, the Supreme Court seemed poised to uphold a Mississippi law that bans abortions after 15 weeks of pregnancy. Such a decision would squarely conflict with Roe v. Wade, the 1973 decision that established a constitutional right to abortion and prohibited states from banning the procedure before fetal viability, currently around 23 weeks.

If the Supreme Court upholds the law, Planned Parenthood has said that more than 36 million women of reproductive age, and more people who can become pregnant, in 26 mostly Southern and Midwestern states could lose access to abortion.

Leave a Reply