Following a ransomware attack in October that compromised the personal information of about 400,000 patients, Planned Parenthood Los Angeles has announced a data breach. The intrusion happened between October 9th and 17th, according to a data breach warning given to Planned Parenthood Los Angeles (‘PPLA’) patients, allowing threat actors to grab files from the vulnerable network.
After discovering suspicious activity on their computer network, they quickly pulled their systems offline, informed law enforcement, and hired a third-party cybersecurity company to assist in the investigation.
PPLA didn’t discover the stolen files contained patients’ personal information until November 4, including their address, date of birth, insurance information, and clinical information, such as diagnosis, treatment, or/and prescription information.
According to PPLA spokesperson John Erickson, who originally reported the incident to the Washington Post, the stolen files included the personal information of around 400,000 patients and were triggered by a ransomware operation.
When ransomware attacks are carried out, threat actors stay hidden in a compromised network for days, if not weeks, taking files and transferring them to their servers. The threat actors then use ransomware to encrypt all of the devices on the network once they’ve finished extracting vital data.
They then employ the stolen information to terrify victims into paying a ransom, or the information will be made public on a ransomware gang’s data leak site. It’s unclear whose ransomware group was behind the attack or whether a ransom was paid.
However, if a ransom isn’t paid, they will most likely find out who is responsible when the material is released. Because the stolen data is claimed to contain medical information, including operations performed at PPLA, the material’s public publication might substantially impact those who are affected.