RansomHub gang stole 93GB of data from sexual health provider Planned Parenthood

Planned Parenthood confirms ransomware attack

Cyberattack on Planned Parenthood

Planned Parenthood of Montana was the victim of a ransomware attack carried out by the RansomHub group at the end of August 2024. The attack resulted in the theft of almost 100 GB of data, including financial, administrative, and court-related documents. The RansomHub group publicized the breach on its dark web site,[1] where it gave organizations seven days to meet its ransom demands or risk their stolen data being leaked.

Planned Parenthood responded quickly by taking parts of its IT systems offline to prevent further damage. CEO Martha Fuller said the organization was also working with cybersecurity experts and federal law enforcement to find out more about the attack. She said:[2]

We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure

She also briefly noted that the organization was taking the issue very seriously and was focused on restoring its systems to normal as soon as possible.

The stolen data has not yet been published by the ransomware group, but for a non-profit that handles sensitive health and personal data, such a threat is severe. Planned Parenthood of Montana serves thousands of patients each year, including vulnerable populations, so the potential impact is worrying.

Only financial and administrative data confirmed to be stolen so far

The attack on Planned Parenthood raises serious questions, not least about the privacy of patients. Planned Parenthood offers a range of sexual and reproductive health services, including abortion care and contraception. Whether patient data was actually stolen from its database has yet to be ascertained; a leak of such information could be very damaging. So far, the RansomHub group has only released administrative and financial files.

This is not the first time Planned Parenthood has been targeted by ransomware. In 2021, its Los Angeles branch was compromised, and personal information for 400,000 patients was exposed.[3] Further data breaches could harm not only the organization but also those seeking confidential care.

Cybercriminals are increasingly targeting healthcare organizations with attacks similar to the one that hit Planned Parenthood. Investigations into the severity of the breach are still ongoing, but the organization is worried that patient data might have been compromised.

Who is RansomHub?

One of the newest ransomware groups to emerge, RansomHub has quickly made headlines since its first attack in February 2024. The group operates a Ransomware-as-a-Service model that allows affiliates to conduct attacks on its behalf. Despite being a newer group, RansomHub has already targeted more than 200 organizations, including high-profile companies like Halliburton and Rite Aid:[4]

Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.

RansomHub uses a double extortion strategy, in which it encrypts business data and threatens to leak it. The group emerged suddenly, leaving people wondering if it could be an offshoot of established ransomware groups like ALPHV/BlackCat.[5] The fact that it targets U.S.-based entities implies that RansomHub could have an affiliation with Russian cybercriminal syndicates, seeing that it steers clear of countries such as Russia, Cuba, and China.

For example, the FBI and CISA released alerts on RansomHub targeting healthcare organizations,[4] which places this attack on Planned Parenthood within a broader set of attacks targeting critical infrastructure.

Planned Parenthood's response and what it is doing next

Planned Parenthood worked to minimize the impact of the breach. CEO Martha Fuller praised the organization's IT staff for their quick response and thanked the health center employees who have kept providing care with minimal interruption. She also made it known that Planned Parenthood is fully cooperating with law enforcement and cybersecurity experts. The organization is working to secure its systems and prevent more attacks in the future.

As Planned Parenthood determines the scope of the breach, it has vowed to stay true to its mission: providing reproductive healthcare while maintaining the privacy of its patients. The Planned Parenthood case is another incident that draws attention to the rising risk that ransomware poses to healthcare providers.

Though Planned Parenthood is in the process of strengthening its defenses, the risk of future attacks is high, given the ever-increasing targeting of the sector.

About the author
Gabriel E. Hall
Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
