Planned Parenthood, the largest single provider of reproductive health services and abortion facility within the United States has reportedly been rocked by a cyberattack. The ransomware group RansomHub claimed responsibility for the attack, after sharing the non-profit organization as a victim on its ransomware victims site.
93 GB of Data Stolen in Attack on Planned Parenthood
According to PCMag Australia, the firm had first become aware of the incident on August 28. “We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure,” Martha Fuller, CEO for the Montana office.
Fuller told the outlet, “We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure.” She added, “That investigation is ongoing. We are aware of the RansomHub post, and want to assure our community that we are taking this matter very seriously. We have reported this incident to federal law enforcement, and will support their investigation.”
In her full statement to the outlet, Fuller noted that the Planned Parenthood staff were “working to minimize any operational disruptions and continue providing care to our patients,” confirming that IT systems in the Montana office may have been impacted.
The ransomware actor RansomHub threatened to leak the stolen data in a week, raising additional concerns as sensitive patient health data may have been included as part of the attack. However, amongst the sample data that had been shared by the group only administrative, court, and financial documents were found.
According to security researcher Dominic Alvieri, the Planned Parenthood office had been compromised through the use of the VenomRAT Remote Access Trojan. The Cyber Express reached out to Planned Parenthood for additional details via its press inquiry email, however no responses have been received as of yet.
Non-Profit Had Faced Extensive Cyberattacks Earlier
Earlier in 2021, the personal information of around 400,000 patients from a Los Angeles branch of Planned Parenthood had been stolen in a cyberattack.
According to the attack notification information relating to addresses, insurance information, birthdays and clinical information, such as diagnosis, procedure, and/or prescription information had been compromised as a result of the attack.
Even earlier, the firm had faced a cyberattack in 2020 where names, addresses, dates of birth, diagnoses, treatments, prescription information, social Security and financial information had been compromised as part of an attack.
The non-profit reproductive health facility has garnered significant attention from individuals with anti-abortion views which has sometimes escalated to violent actions, as in an incident where a former US Marine had been arrested for firebombing a Planned Parenthood clinic in Orange County, California.
The United States DOJ has an extensive list of such attacks against abortion clinics with at least 11 of them related to Planned Parenthood.