New York-based reproductive healthcare provider, Planned Parenthood of Montana, has given additional information about the RansomHub ransomware attack that was initially reported at the beginning of September. During the initial security breach report, the investigation just started and it was not confirmed if the attacker stole any patient information. Now, there is confirmation from Planned Parenthood about the theft of the protected health information (PHI) of 18,003 people during the attack.
As announced earlier, suspicious activity was discovered inside its computer system on August 28, 2024. The investigation that began on September 6, 2024 confirmed the access of unauthorized actors to its system and the exfiltration of copies of files that included some patient data. The ransomware group gained access to its system and extracted files from August 24, 2024 to August 28, 2024.
Planned Parenthood reviewed the files in the subsequent weeks to identify the types of data affected. Based on the results, the compromised information included names, birth dates, addresses, medical record numbers, medical insurance data, and/or clinical details, such as name(s) of providers, date(s) of service, diagnosis data, treatment details, and/or prescription details.
Planned Parenthood stated it implemented security measures before the attack, and will take further steps to boost the security measures to avoid the same incidents later on. Notification letters were mailed to the impacted persons on November 5, 2024 in compliance with HIPAA law. Anyone with questions concerning the incident can contact the dedicated call center – (888)-479-9996. Support is available from Monday to Friday, 6.00 a.m. to 4.00 p.m.
When RansomHub attacked Planned Parenthood, the group claimed to have taken 93 GB of data. CEO Martha Fuller of Planned Parenthood confirmed detecting a cyberattack on August 28, 2024, and mentioned taking quick action to stop the unauthorized access.
When a healthcare provider suffers a data theft incident, the affected individuals are at risk. However, an attack on a reproductive healthcare and sexual health services provider is more serious because of the sensitive nature of the data of the impacted persons. Besides the threat of identity theft and fraud, cybercriminals can try to extort money from patients and the exposure of sensitive data might even have legal implications for patients who had sought or got abortion procedures.
RansomHub included Planned Parenthood on its dark web data leak webpage on September 4, 2024, and posted screenshots of financial, administrative, and legal papers as proof of the attack. No patient data was uploaded at the time. The ransomware group gave Planned Parenthood 7 days to reply to avoid the exposure of the stolen information.