The Los Angeles chapter of Planned Parenthood suffered a ransomware attack in October that compromised the personal information of about 400,000 patients, the health care provider said Wednesday.
The unidentified perpetrator stole documents from the Planned Parenthood affiliate that contained sensitive data on some patients such as their insurance information, their diagnosis, procedure or prescription, according to a breach notification the organization sent to victims.
“Law enforcement was notified of this incident,” John Erickson, a spokesperson for Planned Parenthood Los Angeles, said in an email to CNN. “Unfortunately, we do not know the identity of the person responsible, which is not uncommon in these situations. However, we have no indication this was a targeted attack.”
Erickson said the incident was confined to Planned Parenthood’s Los Angeles chapter and that there is no evidence that the stolen information had been used for fraudulent purposes. Erickson declined to address questions about whether there was a ransom demand or what type of ransomware was used.
The Washington Post first reported on the incident.
The last year has seen several major ransomware attacks, including one that targeted and hampered Colonial Pipeline, one of the largest US fuel pipelines. In November, US Cyber Command head and director of the National Security Agency Gen. Paul Nakasone said the US government had taken aim at sources of funding for ransomware operatives, many of whom are based in Russia and Eastern Europe and who have made millions extorting US companies.
Despite the enormous toll the coronavirus pandemic has taken on hospitals and other health clinics, many cybercriminals have not refrained from holding computer systems of such facilities hostage. There were more than 100 publicly reported ransomware attacks on health care providers in 2020, more than double the amount in 2019, according Allan Liska, senior intelligence analyst at cybersecurity firm Recorded Future. That included a wave of hacks of computer networks at US hospitals in the fall of 2020. One incident forced hospitals at the University of Vermont Health Network to delay chemotherapy and mammogram appointments.