A data breach that affected nearly half a million patients at Planned Parenthood Los Angeles (PPLA) is being blamed on a ransomware attack, according a report by the Los Angeles Times. A December 2021 review of the Office for Civil Rights (OCR) notification portal reveals that the PPLA “hacking incident” affected 409,759 Planned Parenthood clients.
Live Action reports:
In an email alert sent to its clients PPLA indicated that on October 17, PPLA identified “suspicious activity” on its “computer network.” Planned Parenthood then claimed it immediately took its “systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation.”
The investigation determined that “an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time,” according to PPLA, which later concluded that the files which were involved contained patient names, insurance information, dates of birth, and “clinical information, such as diagnosis, procedure, and/or prescription information.”
A separate “hacking incident” involving 500 patients was reported in November of 2020 at Planned Parenthood of Metro Washington, according to the OCR notification portal.
“After an extensive forensic investigation, on October 21, 2020 we determined that unauthorized actors gained access to our network and between August 27, 2020 and October 8, 2020 acquired copies of documents that contained some patient information,” Planned Parenthood’s Washington affiliate wrote in a public notice on its website about that incident.