Ransomware hackers threaten Montana branch of Planned Parenthood

The Montana branch of Planned Parenthood confirmed that it suffered a cyberattack after a ransomware group threatened to leak sensitive data taken from the organization. 

Martha Fuller, CEO and president of Planned Parenthood of Montana, said in a statement to Recorded Future News that the attack was discovered on August 28, prompting their IT team to initiate incident response protocols that included taking portions of their network offline. 

“We are grateful to our IT staff and cyber security partners, who are working around the clock to securely restore impacted systems as quickly as possible, and who are tirelessly investigating the cause and scope of the incident,” Fuller said, noting that an investigation is ongoing. 

Fuller confirmed that they are aware that the RansomHub operation — responsible for dozens of ransomware attacks in August — posted information allegedly stolen from their systems. RansomHub claimed it stole 93 GB of data from the organization in a post made on Wednesday. 

“We have reported this incident to federal law enforcement, and will support their investigation. We also want to thank our providers and health center staff, for working to minimize any operational disruptions and continue providing care to our patients. We appreciate our community’s patience and understanding as we work to address this incident,” she added.

Planned Parenthood provides a range of services centered around reproductive and sexual healthcare and education across the world, with more than 600 clinics across the United States. The Montana branch of the organization has become pivotal in the state as legislators have passed restrictive rules targeting abortion providers.

A spokesperson from Planned Parenthood declined to say whether they have examined the data that was stolen or what will be done to help people who may have information exposed on the dark web. 

Planned Parenthood clinics carry troves of incredibly sensitive healthcare data that patients would not want to be public, including data on abortion procedures and more. Earlier this year, outrage ensued after a pro-life political organization obtained mobile phone location data from a broker and used it to target people who had visited the organization’s clinics.

Last week U.S. agencies, including the Department of Health and Human Services (HHS), warned that RansomHub has emerged as a key player in the ransomware ecosystem — taking in affiliates from other ransomware operations that were shut down by law enforcement. 

The group has attacked more than 210 organizations since February and initially drew headlines for hosting data stolen from UnitedHealth Group, one of the largest insurance companies in the world. 

Ferhat Dikbiyik, chief research and intelligence officer at cybersecurity firm Black Kite, said the group’s rapid rise to the top of the ransomware ecosystem is fueled by its aggressive affiliate model 

“Unlike older groups, they've attracted affiliates by offering a 90% cut and upfront payment, driven by their rapid expansion after the downfall of groups like AlphV and Lockbit,” Dikbiyik said.

“The Planned Parenthood attack demonstrates that the group continues to prioritize organizations that are critical and hold some of the most sensitive data.”

The continued ransomware attacks on healthcare organizations prompted members of Congress to introduce new legislation last week designed to protect Americans’ healthcare data against cyberattacks.

The bipartisan legislation would direct HHS and other cybersecurity-focused agencies to make more resources available to non-federal entities like cyber threat indicators and appropriate defense measures. 

It would also create a special liaison to HHS within the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate during cybersecurity incidents and collaborate to support healthcare and public health sector entities.

They noted that more than 133 million patient records were leaked through cyberattacks in 2023.

“Hospitals and health centers are fundamental pillars of our nation's infrastructure. With the alarming rise in malicious cyberattacks causing critical data breaches, increased healthcare costs, and jeopardized patient health, we cannot delay action in addressing this issue,” said Representative Brian Fitzpatrick (R-PA).