Cyber Incident Victim: Planned Parenthood of Montana

On August 28, 2024, Planned Parenthood of Montana detected a cybersecurity incident involving unauthorized network access, prompting immediate activation of incident response protocols. CEO Martha Fuller confirmed the organization proactively took portions of its network offline to contain the intrusion and engaged IT staff, cybersecurity partners, and federal law enforcement to investigate the breach and restore systems. Concurrently, ransomware group RansomHub claimed responsibility for the attack, alleging theft of 93GB of organizational data and threatening to leak the information within seven days unless paid. Fuller acknowledged awareness of RansomHub's public extortion demands but declined to confirm the validity of their data theft claims or explicitly attribute the attack to the group. The nonprofit reported the incident to federal authorities, though the FBI had not publicly commented at the time of reporting.

The intrusion occurred one day before US government agencies issued an alert warning of RansomHub's aggressive targeting of victims through August 2024. Federal investigations indicated the group had compromised at least 210 victims since February 2024 across critical infrastructure sectors including healthcare, government services, and transportation, recruiting former LockBit and ALPHV ransomware gang members following law enforcement disruptions of those groups. Planned Parenthood's cybersecurity team worked continuously to assess the incident's scope and securely restore affected systems, with the investigation remaining ongoing as of the last public statement. No specific details regarding compromised patient data, operational disruptions, or financial impacts were disclosed by the organization. Fuller emphasized the nonprofit's commitment to supporting law enforcement's investigation while maintaining focus on restoring systems and protecting community interests.