Planned Parenthood is alerting patients that over 400,000 users may have had their data stolen this past October in a ransomware hack. According to John Erickson, director of public affairs for the family planning nonprofit in Los Angeles, CA, someone installed malicious software into their database of information, potentially walking away with nearly half a million files of patients’ medical records.
It is unknown who is responsible for the attack or why they stole user data, but the hackers were reportedly able to access and “exfiltrate” patients’ personal information, address, insurance details, date of birth, and medical records at the clinic, such as procedure and prescription data.
News of the attack came just as Planned Parenthood reentered national politics, with the fierce debate over abortion rights heading once again to the Supreme Court. With many American’s fearing for their rights as a Mississippi law challenges to overturn Roe v. Wade, users in Los Angeles were facing another kind of threat to their availability to reproductive planning.
According to Erickson, the attack was limited to the Los Angeles branch and there has been “no indication” that any of the stolen information has been “used for fraudulent purposes.”
The specific kind of ransomware attack, which targeted Planned Parenthood from Oct. 9 to Oct. 17, was similar to the one that shut down the Colonial Pipeline earlier this year, according to The Washington Post. The pipeline hack was a massive infiltration of a U.S. energy infrastructure system and brought attention to a growing problem in cybersecurity.
Emsisoft, a cybersecurity services company, estimated that nearly 113 federal, state, and local governments reported ransomware attacks in 2020, totaling roughly $915 million in damages.
A kind of virus that blocks a host’s access to their own computer network, ransomware is usually employed by hackers as a means for extortion. The Washington Post reported that Erickson did not disclose if the family planning organization had to pay a ransom to retrieve the stolen information or how the ransomware used might have affected their systems.
“[Planned Parenthood Los Angeles] (PPLA) takes the safeguarding of patients’ information extremely seriously, and deeply regrets that this incident occurred and for any concern this may cause,” the organization said in a press release.
The non-profit announced that it “identified suspicious activity on our computer network” back on Oct. 17, when it then “immediately took our systems offline” and contacted the authorities. Law enforcement allegedly hired an unnamed cybersecurity firm to oversee the investigation, which is still ongoing.
According to The Los Angeles Times, Planned Parenthood has been the victim of a cyber-attack before, when a Washington D.C. location was hacked back in 2015. Though the number of users affected was never released, the organization similarly announced that they believed that none of the information stolen was fraudulently used.
However, the hacker group responsible ended up posting names and email addresses of hundreds of Planned Parenthood’s employees across the country, as well as exposing other personal information on social media.
Dawn Laguens, the non-profit’s executive vice president during the 2015 attack, said that “Planned Parenthood is the most trusted women’s healthcare provider in this country, and anti-abortion extremists are willing to do anything to stop women from accessing the reproductive healthcare they are seeking.”
After a recent Texas state law banned abortions after six weeks of pregnancy, a similar Mississippi law stands to do the same–banning all abortion procedures after 15 weeks.
The Mississippi law, which is currently being considered by the Supreme Court, has a longer-lasting impact for the nation as a whole, since letting it stand would, in effect, roll back rights given to women in the 1973 Roe v Wade case. The court has yet to come to a decision.