(Reuters) – Planned Parenthood’s Los Angeles clinics suffered a ransomware attack in October and personal information of 400,000 patients was stolen, a spokesperson for the women’s reproductive healthcare organization said on Wednesday.
Spokesperson John Erickson said an “unauthorized person” gained access to the Los Angeles affiliate’s network between Oct. 9 and 17 and installed ransomware and malware. There was no indication that any stolen information, which included insurance numbers and health data, had been used by hackers, he said.
An investigation was under way. The group has 21 health centers in Los Angeles, it says on its website. Ransomware, which has dominated cybersecurity threats this year, encrypts victims’ data and can include locking down an organization’s network or stealing data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars.
Erickson did not say whether the ransomware interfered with Planned Parenthood’s access to its computer network, nor if any ransom was paid.
In letters to patients whose data was breached, Planned Parenthood urged them to “review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive.”
Planned Parenthood has been targeted before. In 2015, anti-abortion activists gained access to the names and emails of hundreds of employees and posted them online. The group’s Metropolitan Washington branch said this year that patient and donor information had been hacked in 2020.
(Reporting by Brad Brooks in Lubbock, Texas; Editing by Donna Bryson and Cynthia Osterman)