Sexual and reproductive health care provider Planned Parenthood of Montana suffered a ransomware attack earlier this week in which it lost gigabytes of sensitive customer data.
The company’s CEO and president of the Planned Parenthood Montana office, Martha Fuller, confirmed the news to The Register, giving the usual in-advance prepared statement how the company activated its incident response protocol, notified law enforcement, and is taking the matter “very seriously”.
“We are grateful to our IT staff and cyber security partners, who are working around the clock to securely restore impacted systems as quickly as possible, and who are tirelessly investigating the cause and scope of the incident,” she told the publication. “That investigation is ongoing.”
RansomHub takes the blame
While Planned Parenthood of Montana is investigating the matter, the hackers behind the attack have already added the organization to its data leak site and are threatening to release gigabytes of data unless a ransom is paid. The group, according to the same source, is RansomHub, the infamous threat actor that spun out of the defunct ALPHV. In fact, just earlier this week, CISA and friends issued a new security advisory warning organizations in both the public and private sector of the dangers RansomHub poses to their operations.
On the data leak site, RansomHub claims to have stolen 93 GB of sensitive data and has given the organization seven days to come back with the money. So far, neither Planned Parenthood, nor RansomHub, discussed the nature of the data stolen, so we don’t know how much personally identifiable information (PII) is found in the archives.
It’s also worth mentioning that Planned Parenthood of Montana is a non-profit, and most of its money comes from government grants and different donations. Whether or not the organization has enough money to pay the ransom demand remains to be seen.