A threat actor has gained access to nearly 400k patients’ personal info of Planned Parenthood Los Angeles in October, the reproductive healthcare provider said Wednesday.

A letter sent to affected patients by Planned Parenthood explained that the files contained patients’ names and “one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

The investigation, which is ongoing, has determined that a hacker got access to the healthcare provider’s network between Oct. 9-17, according to the statement, which also said the hacker installed “malware/ransomware” and took some files from the system.

Buy Me a Coffee

“We take safeguarding patients’ information extremely seriously, and have taken steps to address this incident,” John Erickson, a spokesman for the healthcare provider said. “Our focus now is on notifying and supporting those patients whose information was involved in this incident.”

A spokesperson for Planned Parenthood LA told The Washington Post that it didn’t seem like the information had been “used for fraudulent purposes” and told CNN that it didn’t appear to be a targeted attack. But the data could be valuable if hackers choose to sell it, given its extremely sensitive nature — Planned Parenthood not only provides abortions but birth control, STD testing, and hormone therapy for trans patients, along with a host of other medical services. According to CNN, the data was limited to Planned Parenthood Los Angeles.

READ
Sensitive Data of Over 600,000 Individuals Exposed in SL Data Services Breach