em360tech image

Planned Parenthood has been forced to push parts of its IT infrastructure offline to contain the impact of a cyber attack that may have compromised sensitive patient data. 

The cyber attack, confirmed by Planned Parenthood CEO Martha Fuller in a statement yesterday, was first spotted on August 28. The New York-based nonprofit organization is currently investigating its exact scope and impact.

"We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure," Fuller said in a statement. 

"We are grateful to our IT staff and cyber security partners, who are working around the clock to securely restore impacted systems as quickly as possible, and who are tirelessly investigating the cause and scope of the incident," she added. "That investigation is ongoing."

Planned Parenthood is a New York-based nonprofit organization that provides reproductive healthcare services, education, and advocacy for birth control. It's one of the largest providers of reproductive and health services in the United States, with sites across the country.

Fuller notes that the response of Planned Parenthood of Montana's IT staff was immediate and praised their ongoing system restoration efforts.

RansomHub claims responsibility for cyber attack

The confirmation of the hack by Planned Parenthood comes after the hacker group Ransonhub claimed it had broken into the nonprofit and stolen data –which it’s threatening to leak unless payment is made.

RansomHub claims to have snatched 93 GB of the organization's data after gaining access to the system. It says it will share this data online in seven days unless the nonprofit pays, publishing various confidential documents on its extortion portal on the dark web as proof of its claims.

planned parenthood cyber attack

In a statement, Fuller declined to answer specific questions about the network intrusion, including what, if any, data was stolen in the attack. 

She also did not confirm that RansomHub was behind the break-in – but did acknowledge the criminals' claims and threats to leak the stolen data.

"We are aware of the RansomHub post, and want to assure our community that we are taking this matter very seriously," Fuller said. "We have reported this incident to federal law enforcement, and will support their investigation."

Another Healthcare cyber attack by RansomHub

Due to the range of reproductive and healthcare services offered by Planned Parenthood, a data breach within the organization could be devastating for patients.

RansomHub has a history of targeting healthcare providers to steal such sensitive data. According to the CISA, it’s amassed at least 210 victims in the healthcare sector since February, including the UK National Health Service (NHS), Change Healthcare, and Rite Aid – the third-largest drugstore chain in the United States.

Last week, the FBI, CISA, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) issued a joint advisory about RansomHub's trend of targeting healthcare organizations. 

The ransomware gang uses double extortion “by encrypting systems and exfiltrating data to extort victims”, CISA notes. 

However, as RansomHub works on an affiliate model, the exact method of data exfiltration will depend on the affiliate that has broken into the victim’s network.

Greg Day, vice president and global field CISO at Cybereason, told EM360Tech: "Unfortunately, ransomware attacks continue to target the healthcare sector, highlighting just how reliant the industry has become on digital technology for managing patient medical data and supporting numerous treatment processes. 

“Today, organisations are constantly battling a flood of security threats and alerts. It’s now essential for every business to not only test their response capabilities but also strengthen their resilience.”

planned parenthood cyber attack

“ As the complexity of attacks and the digitisation of medical systems continue to grow, we must develop faster, more effective ways to detect and mitigate these malicious operations.”

As of September 5, it has not been confirmed that any data has been stolen from Planned Parenthood's systems, and the investigation to determine this possibility is still underway.

It's not the first time the organization has been hit by a cyber attack. It previously dealt with a ransomware attack again in late 2021, which saw ransomware actors breaching the Los Angeles department (PPLA) and stealing the private records of over 400,000 patients.