Hackers access personal data of Planned Parenthood patients in Los Angeles
Hackers breached the personal information of 400,000 Planned Parenthood patients in Los Angeles between Oct. 9 and Oct. 17, according to a spokesperson for the organization.
Why it matters: In letters sent out to victims of the breach, the reproductive health center said hackers gained access to files containing their names and "one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information."
- The organization told patients that it has not yet seen evidence that the information is being used for fraudulent purposes but warned them to review statements from their health insurer and health care providers for services they did not receive.
What they're saying: John Erickson, director of public affairs for the Los Angeles branch, told Axios that ransomware, a type of malware typically used to financially extort businesses, was installed on the organization's computer system during the breach.
- Erickson did not say if the organization was locked out of its system or if it paid a ransom to regain access.
- "Our focus now is on notifying and supporting those patients whose information was involved in this incident," he added.
- The organization said it became aware of suspicious activity on its computer network on Oct. 17 and "immediately" took its system offline. It then notified law enforcement and a third-party cybersecurity firm, which later determined that a breach and data exfiltration started on Oct. 9 and lasted for more than a week.
The big picture: The information that the hackers gained access to and extracted from the organization's computer networks could leave victims vulnerable to extortion schemes and identity theft.
- News of the breach was first reported by the Washington Post on the same day that the Supreme Court heard oral arguments and indicated that it would uphold a Mississippi law that bans abortions after 15 weeks.
What's next: Investigation into the unauthorized access is ongoing.