Ransomware hackers stole the personal information of around 400,000 Planned Parenthood patients in Los Angeles, a spokesperson for the reproductive health nonprofit group said.
Planned Parenthood is alerting patients that some of their data was stolen between Oct. 9 and Oct. 17, John Erickson, director of public affairs for the Los Angeles branch, said in an email. Its investigation is still ongoing, he said.
News of the hack comes as many Americans worry reproductive health rights are under threat. On Wednesday, the Supreme Court signaled it would uphold a Mississippi law that severely restricts abortion access in the state, a drastic break from decades of legal precedent.
According to the email notification that Planned Parenthood sent to victims, the hackers accessed patients' addresses, insurance information, birthdays and "clinical information, such as diagnosis, procedure, and/or prescription information."
Ransomware hackers, seeking to extort money, often not only try to lock up victims’ computers, but also to steal potentially sensitive information and threaten to leak it on the dark web if they’re not paid. So far, no known ransomware gang has leaked the Planned Parenthood data, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
Erickson said in his email that “no evidence that any information involved in this incident has been used for fraudulent purposes.”
The hack was first reported by The Washington Post.
The fact that the data has so far not leaked online might be because ransomware hackers are becoming wary of that tactic after seeing the United States working to shut down other hackers who have done that, said Brett Callow, an analyst at the ransomware remediation company Emsisoft.