According to the Washington Post, Planned Parenthood sent letters to around 400,000 patients earlier this week warning them that some of their personal information had been compromised in a cyberattack. Patients' names, as well as "one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information," were stolen, according to the healthcare provider.
According to the statement, staff members initially discovered unusual activity on their computer network on October 17th. Planned Parenthood Los Angeles shut down its networks, alerted authorities, and hired a third-party cybersecurity firm to assist in the investigation. According to the statement, a hacker gained access to the healthcare provider's network between Oct. 9 and 17, installed "malware/ransomware," and took some files from the system.
According to Planned Parenthood spokesperson John Erickson, the data leak was limited to the Los Angeles facilities. That's a total of 21 locations, with patients from Beverly Hills to Burbank and Compton affected. “We take safeguarding patients’ information extremely seriously, and have taken steps to address this incident,” Erickson said. “Our focus now is on notifying and supporting those patients whose information was involved in this incident.”
In a letter to patients, Planned Parenthood compliance officer Kevin Oliver stated, "At this time, we have no evidence that any information implicated in this incident has been exploited for fraudulent purposes." Nonetheless, out of an abundance of caution, Oliver advised all patients affected by the incident to pay closer attention to "statements you get from your health insurer and health care providers."
According to the statement, the incident was limited to Planned Parenthood Los Angeles and did not affect any other affiliates. Although the purpose of the hack is unknown, Planned Parenthood has previously been the victim of politically motivated cyberattacks. More than 300 Planned Parenthood Federation of America employees' names and email addresses were exposed on a private website run by a group of hackers known as 3301.
The incident happened as Planned Parenthood was mired in controversy over a series of carefully altered undercover videos released by an anti-abortion group accusing the organization of earning illegally from the sale of foetal parts for medical research. The videos were condemned by Planned Parenthood as misleading, and investigations in a dozen states found no evidence of the organization's wrongdoing.
