Cyber Incident Victim: Planned Parenthood
Date: Oct 2021
Location: United States of America
Summary
Planned Parenthood Los Angeles suffered a ransomware attack involving unauthorized network access and data exfiltration, compromising personal and medical information of approximately 400,000 patients. The breach exposed sensitive details including addresses, insurance data, birth dates, diagnoses, procedures, and prescriptions. Following detection of suspicious activity, the organization took systems offline, initiated an investigation with law enforcement and cybersecurity experts, and confirmed the theft of files containing protected health information. While no financial data was accessed, the incident posed risks of targeted attacks leveraging the stolen clinical and personally identifiable data.
Description
On October 17, 2021, Planned Parenthood Los Angeles (PPLA) detected suspicious activity on its computer network, prompting immediate containment measures including taking systems offline. The organization notified law enforcement and engaged a third-party cybersecurity firm to investigate. Forensic analysis determined unauthorized actors had accessed PPLA's network between October 9 and October 17, 2021, during which they exfiltrated files. By November 4, 2021, PPLA confirmed the stolen data contained personal and medical information of approximately 400,000 patients. Compromised data included patient names, addresses, dates of birth, insurance details, and clinical information such as diagnoses, medical procedures, and prescription histories. No financial information was confirmed to have been exposed in the breach. PPLA began notifying affected individuals following this determination, disclosing the incident publicly in early December 2021 through a formal breach notification and media statements.

The incident was attributed to a ransomware attack, as confirmed by PPLA spokesperson John Erickson. Attackers employed a double-extortion tactic common among ransomware groups, stealing sensitive data before deploying encryption malware. While the specific ransomware operation responsible remained unidentified, the theft of medical records created significant privacy risks for patients due to the highly sensitive nature of the exposed clinical details. PPLA's response focused on containment through system isolation, collaboration with law enforcement agencies, and forensic investigation to determine the scope of the breach. No information was disclosed regarding ransom demands, payments, or potential data publication by the attackers. The exposure of insurance information and medical histories elevated risks of targeted social engineering attacks against victims, though PPLA did not publicly report any instances of misuse following the breach.
