Planned Parenthood of Montana (PPMT) confirmed today in a statement to CyberInsider that its systems were compromised in a cybersecurity incident after the notorious ransomware group RansomHub claimed responsibility for the breach.
In a public statement issued to CyberInsider by Martha Fuller, CEO and President of PPMT, the organization revealed that it had identified the attack on August 28, 2024, and has since initiated a comprehensive incident response to mitigate the damage. While PPMT is working closely with cybersecurity experts and federal law enforcement, the full scope of the attack is still under investigation.
RansomHub, a ransomware group known for targeting healthcare and nonprofit organizations, posted several files on its leak site, claiming to have exfiltrated 93 GB of sensitive data from PPMT's systems.
The documents include financial records, budget statements for fiscal years 2023 and 2024, payroll information, and internal corporate transaction data. Although patient data has not been leaked at this time, the nature of the stolen files raises concerns about potential further disclosures.
“We are aware of the RansomHub post, and want to assure our community that we are taking this matter very seriously,” Fuller stated. “We have reported this incident to federal law enforcement, and will support their investigation.”
Fuller also praised PPMT's response, including taking portions of the network offline as a precautionary measure, and thanked the IT staff for working “around the clock” to restore impacted systems and minimize operational disruptions, ensuring continued care for patients.
Planned Parenthood operates over 600 health centers across the United States, making it one of the largest providers of reproductive health services, including contraception, cancer screenings, and abortion care.
PPMT serves patients across Montana and surrounding regions. A significant data breach within the organization could not only disrupt operations but also potentially expose sensitive information related to its finances and internal processes. While patient data has not yet been implicated, the possibility of further disclosures remains a critical concern.
The threat actor claims they have exfiltrated 93 GB of data, threatening to leak it unless their demands are met. The amount of money the threat actors want remains undisclosed. If confirmed, this data breach could be one of the largest cyberattacks in the nonprofit healthcare sector this year.
RansomHub's recent activity suggests they are targeting high-profile entities, leveraging sensitive data to extort organizations into paying hefty sums. The group has previously targeted institutions in healthcare, energy, government, and technology. It appears that their capability to infiltrate networks undeterred emboldens them to continue attacking healthcare providers, particularly those with large datasets of valuable patient information.
While PPMT continues to serve its patients, the leaked financial records could lead to financial instability and public scrutiny. Furthermore, any future disclosure of more sensitive data, such as patient information, could have severe legal and reputational consequences for the organization.
Leave a Reply