RansomHub claims Planned Parenthood cyberattack

Planned Parenthood of Montana confirmed a cyberattack that began on Aug. 28, 2024. RansomHub, a ransomware group that has been targeting critical infrastructure since its inception in February 2024, posted about the Planned Parenthood cyberattack on its leak site and claimed to have stolen 93 gigabytes of data.

Martha Fuller, president and CEO of Planned Parenthood of Montana, said that the organization immediately engaged its incident response protocols and took parts of its network offline as soon as it learned of the incident.

"We are grateful to our IT staff and cybersecurity partners, who are working around the clock to securely restore impacted systems as quickly as possible, and who are tirelessly investigating the cause and scope of the incident," Fuller said.

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, HHS and the Multi-State Information Sharing and Analysis Center issued an advisory about RansomHub on Aug. 29, 2024, warning critical infrastructure entities to remain vigilant.

RansomHub is a ransomware-as-a-service variant that has exfiltrated data from at least 210 victims in its short tenure, including entities in the healthcare, government, financial services and critical manufacturing sectors.

RansomHub's affiliates typically leverage a double extortion model by exfiltrating data and encrypting systems in order to extort victims.

"The attack on Planned Parenthood continues the unsettling trend of healthcare providers being targeted by ransomware groups," Thomas Richards, principal security consultant at the Synopsys Software Integrity Group told TechTarget Editorial.

"We see an increase in breaches from different industry verticals as ransomware gangs target organizations that have less robust cybersecurity practices. With how sensitive the breached information is, patients of Planned Parenthood should register for credit monitoring services and be mindful of any medical claims made."

Planned Parenthood serves millions of patients every year and another regional location was targeted by ransomware in the past. In 2021, a hacker gained access to Planned Parenthood Los Angeles and installed malicious software, resulting in a data breach that affected 400,000 patients.

As healthcare entities continue to face ransomware threats, CISA and its partners recommended hardening security controls, implementing a recovery plan and keeping all operating systems up to date.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.