Patient information from over 400,000 Planned Parenthood Los Angeles (PPLA) visitors has been accessed in a cyberattack targeting the California reproductive health provider.

PPLA found suspicious activity on its computer network on October 17, 2021. In response to the breach, the organization notified law enforcement and a third-party cybersecurity investigative team, which is conducting an ongoing investigation into the breach. The cybersecurity team determined that a cyberattacker accessed the PPLA network between October 9 and 17, installed malware and ransomware and exfiltrated files containing patient data from the Planned Parenthood system.

The compromised files contain patient names and at least one of the following identifying attributes: birth dates, addresses, insurance information and clinical data including diagnosis and treatment information. PPLA was made aware of this information on November 4, 2021 and released a statement regarding the cyberattack on November 30.

PPLA has increased their network monitoring and hired cybersecurity experts both external and internal to the organization since the cyberattack.