Planned Parenthood Los Angeles (PPLA) announced Wednesday that it had been the target of a “cybersecurity incident” that compromised patient information.
In a notice posted online, PPLA reported that an “unauthorized individual” had gained access to its networks for a week in October, and had used ransomware and malware to steal files that contained patient names, dates of birth, addresses, insurance numbers, and clinical data that included diagnosis and prescription information.
The Washington Post first reported the breach Wednesday. PPLA spokesperson John Erickson told The Hill that the data of around 400,000 patients had been stolen as part of the breach, but that there was “no evidence that any information involved in this incident has been used for fraudulent purposes.”
PPLA said that after discovering the data breach in October, it had begun mailing notification letters to individuals impacted, had notified law enforcement, and had brought in an unnamed cybersecurity firm to help investigate the incident.
The organization has set up a toll-free hotline for affected individuals to call in with concerns, and taken steps to strengthen its cybersecurity.
“We take the safeguarding of patients’ information extremely seriously, and deeply regret that this incident occurred and for any concern this may cause,” PPLA wrote in the notice.
This is not the first time a Planned Parenthood branch has been breached. Planned Parenthood of Metropolitan D.C. in April disclosed that malicious actors had stolen information in September 2020 that included similar patient information to what was compromised at PPLA.
Both public and private organizations have been hit hard over the past two years by cyberattacks, in particular by ransomware attacks. These have included high profile attacks against Colonial Pipeline and JBS USA this year, along with attacks on schools, hospitals, and government agencies.
-Updated at 7:25 p.m.