Hundreds of thousands of patients from a Los Angeles Planned Parenthood branch have had their information compromised in a massive malware attack. Conducted two months ago, it has only now been disclosed.
A hacker apparently using the same kind of ransomware deployed to seize the Colonial Pipeline energy system earlier this year has reportedly gained access to some 400,000 Planned Parenthood patients from the women’s health clinic’s Los Angeles branch. While Planned Parenthood offers a range of health services, including sexual health screenings and birth control prescriptions, it is perhaps best known for performing abortions.
While the group’s Los Angeles spokesperson John Erickson insisted there was no indication the stolen information had been used for “fraudulent purposes,” he acknowledged that an “unauthorized person” had gained access to the network between October 9 and 17, installed “malicious software,” and “exfiltrated” some files. Among the information stolen were patients’ names, addresses, insurance information, birthdates, and clinical information – including private health data.
The incident appears to have taken place about a month into an increasingly heated battle over abortion rights between pro-choice and pro-life activists, with its epicenter in Texas. The state passed a law on September 1 barring Americans from facilitating any abortion taking place past the six-week mark. Those found to be involved in such a procedure – aside, critically, from the mother receiving the abortion – can be sued for $10,000 or more in one of the act’s more controversial aspects.
Despite the best efforts of the Biden administration, the Supreme Court has thus far refused to file a permanent injunction against the law, though its enforcement has been briefly paused more than once.
Other courts have attempted to loosen their own abortion restrictions in an apparent effort to compensate for the Texas statute, which, unlike previous efforts to overturn the Roe v. Wade decision that legalized abortion in the first place, does not include exceptions for rape or incest.
The malware used to hack the Los Angeles clinic was the same ransomware – called DarkSide – deployed last year to shut down the Colonial Pipeline, but no further information has been revealed about who the attacker may have been or what their motivation was.
It’s not the first time Planned Parenthood has seen its systems infiltrated. Earlier this year, the Metropolitan Washington branch of the organization informed patients that their information – including birthdates, medical data, and social security info – was breached in 2020. In neither case did the clinic acknowledge any fraudulent use of the leaked data.