Planned Parenthood clinic in Montana hit by ransomware

A ransomware attack on a Planned Parenthood clinic in Montana has been claimed by the cybercrime group RansomHub. The gang is threatening to release 93GB of stolen data unless a ransom is paid within seven days.

The data breach was first acknowledged on August 28, 2024, by Planned Parenthood of Montana after it "identified a cybersecurity incident." The organization has since initiated its incident response protocols, including taking parts of its network offline as a precautionary measure.

Planned Parenthood of Montana President and CEO Martha Fuller confirmed the incident and stated that the organization is treating the matter with utmost seriousness. The breach has been reported to federal law enforcement, and investigations are ongoing to determine the full extent of the impact. As of now, it is unclear if any sensitive patient information was compromised; the only files leaked so far pertain to administrative and financial documents.

The exposed data includes:

• The clinic’s annual budget
• A bill from a payment platform company
• Liability insurance document
• Legal document related to a lawsuit involving Planned Parenthood of Montana

Planned Parenthood is actively investigating the cause and scope of the attack and working to minimize operational disruptions while continuing to provide care to patients. The organization has not disclosed whether it has received a ransom demand or intends to pay.