But an investigation is ongoing, he said, and information was compromised for about 400,000 patients of the organization at the center of the country’s fierce debates over abortion rights. Someone gained access to Planned Parenthood Los Angeles’ network between Oct. 9 and Oct. 17, installed malicious software and “exfiltrated” some files, Erickson said in a statement.
Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”
Erickson said the attack involved a specific type of malware called ransomware that was behind this year’s Colonial Pipeline shutdown. That hack on the U.S. energy infrastructure drew new public attention to a growing problem for private organizations and governments alike. Across the country in 2020, 113 federal, state and local governments and agencies reported ransomware attacks costing about $915 million, according to one estimate by Emsisoft, a company that sells cybersecurity services.
Ransomware is a malicious computer code that hackers deploy to block an organization’s access to its own computer network to extort a ransom. Erickson did not immediately respond to questions about whether PPLA paid a ransom and how malware affected its systems.
Planned Parenthood Los Angeles said it “identified suspicious activity on our computer network” on Oct. 17 and “immediately took our systems offline.” The organization notified law enforcement and enlisted a cybersecurity firm to help investigate, it said.
On Nov. 4, PPLA said, the organization realized that the stolen files included sensitive information of some patients.
It is not clear who was behind the hack or what the motivation was.
“PPLA takes the safeguarding of patients’ information extremely seriously, and deeply regrets that this incident occurred and for any concern this may cause,” the organization said, adding that it has worked to improve security.
Planned Parenthood has been hacked before. This year, the organization’s Metropolitan Washington branch revealed that patient and donor information — including dates of birth, medical data and Social Security and financial information — was breached in 2020.
Joshua Speiser, director of communications for Planned Parenthood of Metropolitan Washington (PPMW), did not specify at the time how many patients were affected. An investigation in that breach did not find fraudulent use of the leaked personal information.
In a 2015 breach, a hacker group led by a Planned Parenthood critic posted personal information online, the Los Angeles Times reported. Names and email addresses for hundreds of the nonprofit organization’s employees across the nation were exposed.
“Planned Parenthood is the most trusted women’s healthcare provider in this country, and antiabortion extremists are willing to do anything to stop women from accessing the reproductive healthcare they are seeking,” said Dawn Laguens, executive vice president of Planned Parenthood at the time.
Although Planned Parenthood provides many health-care services — including family planning and testing for sexually transmitted diseases — its abortion services have made it a target of protests, threats and conservative ire.
News of the Los Angeles breach came as abortion rights take center stage before the U.S. Supreme Court, which on Wednesday heard oral arguments on a Mississippi law largely banning the procedure after 15 weeks of pregnancy. Justices signaled support for allowing that law to stand, and it is unclear how sweeping such a decision will be for decades of precedent set by Roe v. Wade, the 1973 ruling that legalized abortion in the United States.
A Texas law forbidding abortion even earlier — after about six weeks, when many women do not realize they are pregnant — has also raised abortion opponents’ hopes of overturning precedent and paving the way for stronger restrictions in much of the country.
Justices allowed the law to go into effect in September, alarming abortion rights advocates who warned that vulnerable women would be forced into unwanted pregnancies. The court has yet to rule on that case.