Last Updated: December 6, 2021
Reproductive health NPO Planned Parenthood admitted it “identified suspicious activity” on its network back on October 17, 2021.
After immediately notifying the authorities and following the corresponding protocols, the cybersecurity firm in charge of the case determined that hackers exfiltrated files pertaining 400,000 patients of the LA branch.
The organization confirmed the hacked files contained Personally Identifying Information (PII)—such as name, address, and date of birth—as well as insurance details, diagnosis, treatment history, and other medical data of the patients.
In the wake of the cyberattack, Mr. Kevin Oliver, Planned Parenthood’s Compliance Officer, reaffirmed the health center’s commitment to patients’ privacy. He also assured the public that additional cybersecurity measures will be taken within the organization to prevent a similar occurrence in the future.
Planned Parenthood Is No Stranger to Cyberattacks.
This is not the first time highly sensitive data has been stolen.
For instance, in 2015, an anti-abortion hacktivist group claimed to be behind the exposure of hundreds of employees’ PII.
Then, in late 2020, Planned Parenthood’s DC branch underwent a cyberattack that targeted both patient and donor data, making 2021’s ransomware incident the third data breach scandal the sex education organization has had to go through in less than a decade.
So far, nobody has claimed authorship of the latest attack, and the authorities continue to investigate.
Although Planned Parenthood claims there’s been “no evidence that any information involved in this incident has been used for fraudulent purposes”, the NPO urges patients to take a closer look at all the health-related statements they receive in the foreseeable future, just to be cautious.
The recommendation is not unwarranted, as in 2018 alone there were 87,000 identity fraud incidents involving healthcare and medical insurance.
In fact, recent stats show that healthcare institutions, along with governmental offices and universities, are hackers’ preferred targets for social engineering scams because of the data they store.
In this instance, the data breach is particularly concerning, as tensions run high in wait of the US Supreme Court’s ruling regarding Mississippi’s abortion law.
Security experts Jane Grafton and Brett Callow told iSMG that they believe the nature of the exfiltrated data is quite sensitive, therefore making targets highly susceptible to extortions and online harassment.