Planned Parenthood partly offline after ransomware attack

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group.

Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provides sexual health care services. It is not yet known whether any personal information about patients might have been stolen, but that could potentially be devastating.

The patients who rely on Planned Parenthood for care are frequently low-income and face health care disparities due to race, gender, sexuality, or because they live in underserved areas. Sometimes they are minors that have been in contact with the criminal justice system, and they are not eligible for insurance or depend on Medicaid Expansion for coverage.

The group behind the attack, Ransomhub, has claimed responsibility on their leak site where they threaten to publish stolen data to increase the leverage over their victims.

RansomHub's listing of Planned Parenthood on their leak site
Planned Parenthood listed on RansomHub’s leak site

“Intermountain Planned Parenthood, a leading nonprofit organization, is dedicated to empowering individuals in Montana to make informed decisions regarding their sexual and reproductive health.”

The listing on the leak site shows financial information, court papers, and insurance certificates. Ransomhub set a timer for Planned Parenthood. The timer counts to September 11 before the release of all the data.

On the leak site every entry has a timer running back to the time of release of the data if the victim doesn't pay
Timer before release of the data

Ransomhub listed the size of the data set at 93 GB, but ransomware groups have been known to exaggerate, lie, and mislead. They are criminals after all.

As laid out in a recent joint advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS),  RansomHub is a relatively new but very active Ransomware-as-a-Service group known to target healthcare organizations and other critical infrastructure sectors.

According to a recent ThreatDown ransomware report, healthcare and education are the hardest hit sector after “Services” in the US, accounting for 60% and 71% of global attacks in these sectors, respectively.

And in the ThreatDown Ransomware Review of August 2024 we can see that Ransomhub was the gang responsible for the largest number of known attacks in July.

Known ransomware attacks by group, July 2024

This story will be updated once we find out more about the nature of the stolen data.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

https://blog.malwarebytes.com/feed/