Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.
According to a data breach notification sent to Planned Parenthood Los Angeles (‘PPLA’) patients, the cyberattack occurred between October 9th and 17th, allowing threat actors to steal files from the compromised network.
On October 17, 2021, we identified suspicious activity on our computer network. We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation, explained the notification sent to affected patients.
The investigation determined that an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time.
However, it wasn’t until November 4th that PPLA determined that the stolen files contained patients’ personal information, including their address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.
In a statement to the Washington Post, who first reported on the breach, PPLA spokesperson John Erickson said the stolen files contained the personal data of approximately 400,000 patients and was caused by a ransomware attack.