Planned Parenthood says hacker managed to access details of 400,000 patients

A hacker was able to illegally access the personal information of hundreds of thousands of patients in October at Planned Parenthood’s Los Angeles centre, the organisation has revealed.

On 30 November, Planned Parenthood sent out letters to patients whose data was taken during the breach between 9 October and 17 October. “We identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information,” said the letter to patients.

The letter also stated that upon finding out on 17 October, the organisation immediately took its systems offline, notified law enforcement, and employed a specialist cybersecurity firm to help investigate.

So far, no instances of fraud have been reported with the details obtained from Planned Parenthood LA. But the organisation stated that “Patients are encouraged to review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive.”

The pro-choice organisation has been at the centre of the US abortion debate for years, constantly being the target of protests and threats by anti-abortion activists for offering abortions to women.

Planned Parenthood Los Angeles was hacked using malware/ransomware and was the only Planned Parenthood facility that suffered from the recent data breach, representative John Erickson told The Independent. But the organisation has been hacked before.

Planned Parenthood Metropolitan Washington DC posted a notice on its site stating that “unusual network activity” occurred on 3 September 2020, and documents were taken, including patient information, medical records and even, in certain cases, patients’ health insurance information, financial account information, and social security numbers.

Since the LA recent breach, the organisation claims it has taken further measures to protect the data it holds on file “including increasing our network monitoring, engaging an external cybersecurity firm, and hiring additional cybersecurity resources and talent to our team,” stated Planned Parenthood’s compliance officer Kevin Oliver.

In 2015, after another data breach, the names and email addresses of hundreds of Planned Parenthood employees were exposed by an anti-abortion campaigner.

The abortion debate has ramped up in recent months after Texas recently introduced a law dubbed the “heartbeat bill”, which bans abortion after six weeks.

The Roe v. Wade 1973 ruling – which that legalised abortion in the United States – could be undermined further if the US Supreme Court upholds a Mississippi law that bans abortions after 15 weeks of becoming pregnant. The court is set to make a decision by June 2022.

The Independent has contacted Planned Parenthood Los Angeles for further comment.