Planned Parenthood LA Impacted by Ransomware Attack that Led to Data Breach
Patients’ Personal Information Was Exposed.
Planned Parenthood LA or also known under the acronym PPLA, a provider of healthcare services in Los Angeles County, has revealed that it suffered a data breach following an October ransomware attack. Apparently, this incident led to almost 400,000 patients’ personal data exposure.
The Planned Parenthood LA Data Breach: Details
According to BleepingComputer, the PPLA patients received a notification where they were informed that October 9 – October 17 was the period when the cyberattack took place, cybercriminals thus managed to compromise the targeted network and engaged in stealing important files.
The nature of the stolen files was later established on the 4th of November when the company discovered that stolen documents included personal information of the patients such as birth data, clinical information like diagnosis or procedure, address, and insurance data.
The ones who first reported this security breach were the reporters from Washington Post. John Erickson, a spokesperson from Planned Parenthood LA declared to the publication that the stolen files included patient personal data, revealed that almost 400,000 patients were impacted, and also stated the nature of the cyberattack which was identified as a ransomware attack.
Here is also what the company said in the notification sent to the patients:
On October 17, 2021, we identified suspicious activity on our computer network. We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation. (…) The investigation determined that an unauthorized person gained access to our network between October 9, 2021, and October 17, 2021, and exfiltrated some files from our systems during that time.
What Measures Should Be Taken for Now?
Impacted patients should pay attention to different SPAM e-mails or different SMS messages that might have content referring to their personal information like health data or number of visits. Hackers could send these kinds of emails posing as legitimate representatives from the PPLA and tricking people into providing sensitive information. As a precautionary measure, it is better to first ensure that this e-mail really comes from the company and this can be done by contacting Planet Parenthood who will confirm or gainsay the legitimacy of the e-potential malicious mails.
Ransomware Attacks and the Double Extortion Technique
In today’s ransomware attacks, cybercriminals do not just deploy ransomware and encrypt data and then ask for a ransom. They engage in using more advanced techniques like data exfiltration. So, they penetrate the network and then stay there meantime stealing sensitive files and sending them to their servers. Only after this stage, they drop the ransomware and encrypt the data. This is called double extortion ransomware, as not only that data is encrypted, but it is also previously stolen to better blackmail the victims into paying the ransom. Simply put, they threaten the victims to make confidential data public if they do not pay the required ransom.
In this particular case of Planet Parenthood LA, the authors of the ransomware attack are not known yet and information of whether a ransom was paid or not by the company has not been revealed.
How Can Heimdal™ Help?
Ransomware is today’s rising threat, ransomware operators continuously employing more and more advanced techniques. A critical organization’s infrastructure needs efficient tools to protect its valuable data. Use our Heimdal™ Ransomware Encryption Protection, a revolutionary 100% signature-free solution that keeps malicious encryption attempts away by defending your company from data loss and data exfiltration.