Security News > 2021 > December > Planned Parenthood Breach Opens Patients to Follow-On Attacks
Planned Parenthood's Los Angeles division has been hacked, with cyberattackers making off with sensitive personal health information for at least 400,000 patients.
The clinical data is highly sensitive: Planned Parenthood offers a variety of sexual health services, including annual well-woman exams, birth control, cervical and testicular cancer screenings, prenatal care, sexual education, vasectomies, and abortions.
Planned Parenthood spokesperson John Erickson told the Washington Post that the attackers also installed ransomware, but he provided no information about whether the effort was successful in encrypting files or if the organization paid a ransom.
Earlier this year, the group's Metropolitan Washington branch disclosed a 2020 breach that saw data thieves make off with patient and donor dates of birth, medical data, and Social Security and financial information.
If the data has been stolen as part of a double-extortion attempt - in which attackers threaten to leak data publicly unless a ransom is paid - that carries one set of security concerns.
"The PII/PHI that has been stolen from Planned Parenthood go beyond the usual threat actor's desire for identity data to resell on the Dark Web," said Garret Grajek, CEO at YouAttest.
News URL
https://threatpost.com/planned-parenthood-breach-attacks/176718/
Related news
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Henry Schein discloses data breach a year after ransomware attack (source)
- Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)