Planned Parenthood Los Angeles Hit by Cyber Attack

Close up of Planned Parenthood Office Building and Sign in Los Angeles

The Los Angeles chapter of non-profit healthcare organization Planned Parenthood faced a cyber attack that exposed the personal information of around 400,000 patients. Planned Parenthood stated that an unauthorized person gained access to its network and stole certain files from its systems.

After conducting an investigation, the organization learned that the stolen files contained personal data of its patients. Planned Parenthood revealed in a breach notification that the incident occurred in October this year.

At this time, the actor responsible for the incident remains unidentified. However, the organization has not found any trace of fraudulent activity involving the stolen data. John Erickson, spokesperson for Planned Parenthood LA, said, “Unfortunately, we do not know the identity of the person responsible, which is not uncommon in these situations. However, we have no indication this was a targeted attack.”

Details on the Stolen Patient Data and Subsequent Measures Taken by Planned Parenthood

Planned Parenthood is a non-profit organization that provides sexual and reproductive healthcare services. It has a global presence and actively advocates for policies to protect and expand reproductive rights.

In the breach notification to the victims, the organization said it detected suspicious activity on October 17, 2021. A preliminary investigation revealed that the perpetrator accessed its network sometime between October 9 and October 17 and exfiltrated certain files.

The stolen files contained the patients’ name, along with one or more of the following information:

  • address
  • insurance information
  • date of birth
  • clinical information (for diagnosis, procedure, prescription information, etc.)

Planned Parenthood urged its patients to review statements from their health insurers and healthcare providers, and to be aware of any charges for unauthorized services. The organization said it has and will “continue to take steps to enhance our existing security measures and to help protect the information in our care.”

These measures include:

  • Increased network monitoring
  • Expanding its internal cybersecurity resources and talent
  • Engaging an external cybersecurity firm

Rise in Cyber Attacks on the US’ Critical Infrastructure Sectors

The incident is the latest in a growing list of attacks on US healthcare and other critical infrastructure sectors. In fact, several US federal agencies, such as CISA and the FBI, regularly put out advisories warning organizations about cyber threats.

For example, three US agencies released a joint advisory in October warning the country’s healthcare sector of impending ransomware attacks and data thefts. Similarly, federal agencies warned that Iran-backed hackers were targeting the country’s transportation and public health sectors.

One of the more worrying attacks in recent memory comes from north of the border. Last month, a cyberattack shutdown the healthcare IT systems in the Canadian province of Newfoundland and Labrador.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.