Data from 400,000 Planned Parenthood patients compromised

Patient information from over 400,000 Planned Parenthood Los Angeles (PPLA) visitors has been accessed in a cyberattack targeting the California reproductive health provider.

PPLA found suspicious activity on its computer network on October 17, 2021. In response to the breach, the organization notified law enforcement and a third-party cybersecurity investigative team, which is conducting an ongoing investigation into the breach. The cybersecurity team determined that a cyberattacker accessed the PPLA network between October 9 and 17, installed malware and ransomware and exfiltrated files containing patient data from the Planned Parenthood system.

The compromised files contain patient names and at least one of the following identifying attributes: birth dates, addresses, insurance information and clinical data including diagnosis and treatment information. PPLA was made aware of this information on November 4, 2021 and released a statement regarding the cyberattack on November 30.

PPLA has increased their network monitoring and hired cybersecurity experts both external and internal to the organization since the cyberattack.

Madeline Lauver is the Editor in Chief of Security magazine. Lauver joined Security in 2021 as its Assistant Editor, and she covers news affecting enterprise security leaders, including physical security, cybersecurity, leadership and management, risk and resilience and more. Within her role at Security, Lauver focuses on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content. Lauver graduated in 2019 with a B.A. in English, German and Media Studies from Kalamazoo College.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.