Planned Parenthood: cyber attackers threaten to leak data

New York-based nonprofit Planned Parenthood has become the latest healthcare provider to fall victim to a cyberattack, forcing the organisation to take parts of its IT infrastructure offline to limit damage.

The RansomHub group has claimed responsibility for the attack and is threatening to leak 93GB of data allegedly stolen from the organisation’s systems within six days, it said.

This relatively new ransomware-as-a-service (RaaS) operator extorts victims in exchange for not leaking stolen files and sells the documents to the highest bidder if negotiations fail.

Considering the wide range of reproductive and sexual healthcare services offered by Planned Parenthood, including access to contraception, abortion care, and hormone therapy, a data breach within the organisation could have significant privacy, legal and safety concerns for patients.

While the criminals have published confidential documents on their extortion portal on the dark web to prove their claims, this has not been confirmed by Planned Parenthood.

According to law enforcement agencies, since surfacing in February this year RansomHub and its affiliates have breached over 200 victims from a wide range of critical US infrastructure sectors.

Last month, the FBI, CISA, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) issued a joint advisory about RansomHub’s trend of targeting healthcare organisations.

Earlier this month TechInformed published a report on a healthcare table top simulation, which focussed on preparing the sector to manage and mitigate cyber attacks.

Unhealthy attention

Healthcare has become a key target for ransomware criminals this year. Following an attack in February by ALPHV/Blackcat, Change Healthcare’s payment system was shut down leading to a reported $22 million ransom payout.

In the UK, meanwhile, a cyber-attack in June on pathology service Synnovis impacted several London hospitals and led to an unprecedently low level of blood stocks across England.

According to Greg Day, vice president and global field CISO at Cybereason, these attacks highlight how reliant the industry has become on digital technology for managing patient medical data and supporting numerous treatment processes.

He added that in his firm’s annual ransomware report on costs, it found that over half of the affected organisations took between three to 12 months to even detect they had been compromised.

“This delay often leaves many feeling compelled to pay the ransom. However, less than half of those who paid were able to recover their data and services without corruption.

He urged every business needs to test their response capabilities and strengthen their resilience. “As the complexity of attacks and the digitisation of medical systems continue to grow, we must develop faster, more effective ways to detect and mitigate these malicious operations,” he added.