Planned Parenthood of Montana experienced a cyber attack that allegedly exposed 93 gigabytes of data. At this time, RansomHub has claimed responsibility for the breach and has threatened to leak the data if a ransom is not paid. 

According to Planned Parenthood of Montana, the breach was discovered on August 28, 2024. The IT team is currently investigating what data may be compromised.  

Thomas Richards, Synopsys Software Integrity Group, comments, “The attack on Planned Parenthood continues the unsettling trend of healthcare providers being targeted by ransomware groups. We see an increase in breaches from different industry verticals as ransomware gangs target organizations that have less robust cybersecurity practices. With how sensitive the breached information is, patients of Planned Parenthood should register for credit monitoring services and be mindful of any medical claims made.” 

Kevin Kirkwood, CISO at Exabeam, remarks, “A cyberattack on Planned Parenthood has caused the organization to take various systems offline to limit the extent of the attack. This incident, which was allegedly claimed by the RansomHub threat group, follows a joint cybersecurity advisory issued just a week earlier by the FBI and CISA. This advisory warned about the group’s expanding activity, targeting organizations across sectors including government services, water and wastewater, transportation, and healthcare.

“This incident reiterates the growing persistence of today’s threat actors. In response to such evolving threats, cybersecurity must be viewed as an ongoing process of risk reduction. As attackers continuously refine their tactics and techniques, organizations must ensure the effectiveness of their Threat Detection and Incident Response (TDIR) processes. 

“The advisory released last week outlined the key tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) for RansomHub, which should be used as a foundation for threat detection and mitigation. It also emphasized the importance of keeping systems updated and implementing network segmentation to limit the reach of attackers and lateral movement within systems.

“A security program must be flexible in its approach and adapt to new TTPs and IOCs. Rules should encompass those changes in your SIEM solution and be ready to alert the SOC community as soon as practicable. These mitigations should serve as a base for organizations across sectors to effectively mitigate against RansomHub. By taking these steps, organizations can strengthen their defenses and build a more proactive cybersecurity posture.”