Posted on December 3, 2021 at 6:24 PM
The Los Angele brand of Planned Parenthood was recently breached, with over 400,000 patients affected in the incident. According to a letter sent to the California Attorney General’s office, the entity said it discovered suspicious activity on their network on October 7. However, it is not clear whether the hacked data has been used for fraudulent purposes.
According to the report, the threat actor planted malware into one of the systems between October 9 and October 17. They stole files containing the names of patients, as well as other details like medical information, insurance, and addresses of the patients.
Planned Parenthood also noted that the hacker may have exfiltrated information regarding the type of medical procedures the patients may have undergone.
The brand also advised patients to review statements from their insurers or healthcare providers and reach out to them if they discover any charges for services not rendered.
Although no demand has been made from the threat actors, the nature of the attack involves ransomware. The attackers may decide to ask for ransom in exchange for the stolen information.
The Incident Is Under Investigation
The branch said the hacking incident is under investigation and more information will be released when there is any further discovery. The report is coming barely 24 hours after the U.S. Supreme Court deliberated on the reversal of the nationwide right to abortion.
And this is not the first time Planned Parenthood has suffered a hacking incidence. Earlier this year, the Metropolitan Washington branch announced that it suffered a breach where information on patients and donor was hacked. According to the announcement, the breach occurred in 2020. The entity also suffered a hacking incident back in 2015 as hackers posted the names and data of hundreds of Planned Parenthood employees.
Planned Parenthood says it has notified a third-party cybersecurity firm and law enforcement to help with an investigation into the situation.
The organization is not providing any identity protection service for the patients who are affected, but it says plans are in place to improve the cybersecurity systems.
While the investigation is ongoing, it’s not clear who is responsible for the attack and no one has come out to ask for a ransom payment.
The latest attack shows that healthcare organizations are increasingly becoming targets of ransomware attacks. And despite the gigantic role these organizations are playing in addressing the covid-19 pandemic, threat actors have shown more enthusiasm in attacking clinics and hospitals.
Several healthcare organizations have announced breaches and attacks that exfiltrated several data, including bank account information and Social Security Numbers.
Attackss Now Go Beyond Stealing Info To Demand For Ransom
Chief Executive Officer of YouAttest, Garret Graje, recently listed several cyberattacks that have occurred in the health sector involving the Tardigrade malware. He stated that a major Israeli hospital was recently hit in a ransomware attack by the DeepBlueMagic threat actors. The attack crippled the company’s system as they shut down to prevent the spread of the malware.
Grajek added that the type of data stolen from PlannedParenthood goes beyond the usual desire for threat actors to steal data to sell on the dark web.
Apart from the theft of standard identity information, the hackers also stole procedure data and the medical background of the patients. These details can be used for a wide range of malicious purposes.
Although the exact hacking methods have not been released, previous hacking incidents in the medical field showed the use of both technical and social hacking methods.
Affected clients should watch out for ‘Triple Extortion’
A spokesperson at Cybersecurity firm Check Point, Ekram Ahmed, sted that affected persons should watch out for a hacker technique known as “Triple Extortion”
In this type of method, the threat actors are not only encrypting and planting ransomware. They go directly to the patients and threaten to expose their sensitive information if they do not get paid.
Hackers are always looking for healthcare records to steal because some of the patients would want to keep their health records as secret as possible. Besides, hackers can also use the details to commit health insurance fraud or create false identities.
With the staggering number of over 400,000 patients’ data on the hands of these hackers, they will have a field day threatening patients to increase their chances of making more money, Ahmed says.