The personal information of roughly 400,000 patients was exposed by a ransomware attack on Planned Parenthood’s Los Angeles chapter in October, the health care provider announced Wednesday.
According to a breach warning provided to victims, an anonymous criminal stole papers from a Planned Parenthood affiliate that contained personal data on some patients, such as their insurance information, diagnosis, surgery, or prescription.
“Law enforcement was notified of this incident,” John Erickson, a spokesperson for Planned Parenthood Los Angeles, said in an email to CNN. “Unfortunately, we do not know the identity of the person responsible, which is not uncommon in these situations. However, we have no indication this was a targeted attack.”
According to Erickson, the incident was limited to Planned Parenthood’s Los Angeles chapter, and there is no evidence that the stolen data was used fraudulently. Erickson refuses to comment on whether a ransom demand was made or what form of ransomware was employed.
Several notable ransomware attacks have occurred in the recent year, including one that targeted and crippled the Colonial Pipeline, one of the largest US petroleum pipelines. In November, Gen. Paul Nakasone, the chief of US Cyber Command and the director of the National Security Agency, stated the US government had targeted sources of funding for ransomware perpetrators, many of whom are headquartered in Russia and Eastern Europe and have gained millions by extorting US corporations.
Despite the massive toll the coronavirus pandemic has taken on hospitals and other health institutions, numerous fraudsters have continued to keep such facilities’ computer systems hostage. According to Allan Liska, senior intelligence researcher at cybersecurity firm Recorded Future, there were more than 100 publicly publicised ransomware attacks on health care providers in 2020, more than double the number in 2019. In the fall of 2020, there was a surge of computer network intrusions at US hospitals. The University of Vermont Health Network’s facilities were forced to postpone chemotherapy and mammography appointments as a result of one incident.