Sexual and reproductive health care provider Planned Parenthood of Montana suffered a ransomware attack earlier this week that left it losing gigabytes of sensitive client data.
The company's CEO and Planned Parenthood Montana office president, Martha Fuller, confirmed the news to The Registrygiving the usual pre-prepared statement about how the company activated its incident response protocol, notified law enforcement and is taking the matter “very seriously.”
“We are grateful to our IT staff and cybersecurity partners, who are working around the clock to safely restore the affected systems as quickly as possible and who are tirelessly investigating the cause and scope of the incident,” he told the publication. “That investigation is ongoing.”
RansomHub takes the blame
While Planned Parenthood of Montana investigates the matter, the hackers behind the attack have already added the organization to their data leak site and are threatening to release gigabytes of data unless a ransom is paid. The group, according to the same source, is RansomHub, the infamous threat actor that emerged from the defunct ALPHV. In fact, earlier this week, CISA and its allies issued a new security advisory warning organizations in both the public and private sectors about the dangers RansomHub poses to their operations.
On the data breach site, RansomHub claims to have stolen 93GB of sensitive data and has given the organization seven days to return the money. So far, neither Planned Parenthood nor RansomHub have commented on the nature of the stolen data, so we don't know how much personally identifiable information (PII) is in the files.
It is also worth mentioning that Planned Parenthood of Montana is a non-profit organization and most of its money comes from government grants and various donations. It remains to be seen whether the organization has enough money to pay the demanded ransom.
