Planned Parenthood Los Angeles hit by ransomware attack


Planned Parenthood Los Angeles began sending notification letters this week to patients whose information may have been affected by a cyber incident in October.

According to the letter, which was posted on the California Attorney General’s Office data security breach website, the PPLA identified suspicious activity on its computer network on October 17.

After taking the systems offline, briefing law enforcement, and hiring a third-party cybersecurity company, the healthcare facility determined that an unauthorized person had gained access to the network between October 9 and October 17, installed ransomware and exfiltrated some system files during this time. time.

Planned Parenthood spokesperson John Erickson said IT health news that approximately 400,000 patient information was contained in the documents.

“At this time, we have no evidence that any information involved in this incident was used for fraudulent purposes,” Erickson said. Erickson said health centers remained open, with patient care operations continuing throughout the incident.


Depending on the facility, the affected files included patient names, as well as one or more of the following:

  • Addresses
  • Insurance Information
  • Dates of birth
  • Clinical information, such as diagnosis, procedure, and / or prescribing information

In many ways, the attack follows the plan laid out by other bad actors who have targeted healthcare facilities.

But some cyber experts have said that high political passions around Planned Parenthood, and reproductive health in general, may mean the incident carries extra weight.

“This is devastating news at a time of political tensions raging as the Supreme Court actively debates a 1973 direct challenge. Roe vs. Wade“said Jane Grafton, vice president of cybersecurity firm Gurucul.

Grafton was referring to pleadings heard in the highest court of Dobbs v. Jackson Women’s Health Organization Wednesday.

Although Planned Parenthood Los Angeles is not directly involved in this case, the association between its parent organization and abortion services has raised concerns about the personal information of its patients, especially given the harassment that providers have suffered. been faced.

“Personal procedures and women’s diagnosis are just that: personal. Flying them for potential exposure puts women in the political crosshairs,” Grafton said. “Securing medical records has never been more important. We can only hope that this information remains out of public reach. ”

“Since not only was standard identity information stolen, but the theft was associated with medical history and procedural data, the ramifications of misuse of this data are easy to imagine,” said said Garret Grajek, CEO of identity governance provider YouAttest.


While 400,000 is a substantial number of patient records, the violation is far from the most serious reported in 2021.

That dubious honor goes to Florida Healthy Kids Corporation, which has found “significant vulnerabilities” on its site since 2013 – potentially leading to the disclosure of social security numbers, dates of birth, names, addresses and financial information for 3.5 million people.

Nevertheless, it is possible that the PPLA could be the subject of legal proceedings for violation if the data subjects believe that their data has not been adequately protected.

It wouldn’t be the only one in this case, either: In October, a Florida resident took legal action against UF Health Central Florida after an incident potentially exposed her information, along with that of more than 700,000 people. .


“Ransomware continues to be a major problem for organizations around the world, especially now that data is stolen before it is encrypted,” Erich Kron, security awareness advocate for KnowBe4, said in a statement.

“The most common method of spreading ransomware is through email phishing,” he added. “Organizations that want to protect against these attacks should focus on preventative measures such as training employees to detect and report phishing emails, including sending mock attacks to help them hone their skills. their skills. Organizations should also ensure that email filters are in place and as a last resort to recover from the outage, that system backups are tested and kept isolated from the network. “

Kat Jercich is Editor-in-Chief of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.


Comments are closed.