A Dec. 2 article from CNET by Corinne Reichert reports that Planned Parenthood Los Angeles confirmed that a data breach last month exposed patient records online, including names, dates of birth, addresses, insurance identification numbers, and clinical data like diagnosis, treatment, and prescription information.
Reichert writes that “An unauthorized person accessed the network between Oct. 9 and Oct. 17, installing malware and stealing files. PPLA said it took its systems offline on Oct. 17 when it noticed suspicious activity, notifying law enforcement and engaging a cybersecurity company to investigate. On Nov. 4, the investigation concluded that patient information was taken, and Planned Parenthood LA is now notifying affected patients.”
On Dec.1, The Washington Post reported that 400,000 patients were affected by the breach.
A Dec. 1 article from The Los Angeles Times by Gregory Yee and Christian Martinez said that “Planned Parenthood Los Angeles said in a statement that there is no evidence so far that any patients’ information was used for fraudulent purposes, and it was notifying patients whose information was accessed.”
That said, “When asked for clarification about the Planned Parenthood Los Angeles attack, John Erickson, a spokesman for the healthcare provider, did not specify which type of malware was detected and did not say whether Planned Parenthood paid a ransom.”
“‘We take safeguarding patients’ information extremely seriously, and have taken steps to address this incident,” Erickson said, the article continues. ‘Our focus now is on notifying and supporting those patients whose information was involved in this incident.’”
Planned Parenthood sent letters to the patients affected by the data breach explaining the situation and steps they can take to protect themselves—including reviewing statements from their health insurer and healthcare providers.
On Dec. 9, according to an article from ClassAction.org, Planned Parenthood Los Angeles is now facing a lawsuit alleging that the breach was due to the facility’s failure to secure patient information.
The article states that “According to the suit, Planned Parenthood failed to properly safeguard patient data despite having been hacked in 2015 and 2020. The lawsuit calls this latest incident ‘particularly egregious’ in light of numerous other high-profile cybersecurity attacks and data breaches of late.”