Planned Parenthood Leak Exposes Patient Data

Philip BaderCybersecurity

A ransomware attack on Planned Parenthood Los Angeles (PPLA) last month led to the exposure of sensitive personal and health information for as many as 400,000 of the reproductive health provider’s patients. A company spokesperson said cybercriminals used the same ransomware that successfully forced the temporary closure of the Colonial Pipeline earlier this year.

PPLA discovered in mid-November that someone had gained unauthorized access to its computer network and stolen patient information. A subsequent cybersecurity investigation revealed that this patient data included names, addresses, dates of birth, insurance ID numbers, prescriptions, and treatments.

Lucrative Targets

Cybercriminals have increasingly targeted healthcare providers with ransomware and other malware attacks in recent years. The protected health information (PHI) they gather and store can earn a lucrative return when sold online for the purposes of fraud or identity theft. Under HIPAA legislation, failure to protect it can result in costly regulatory fines as well as damage to an organization’s reputation.

Planned Parenthood has long been a target of activists who object to the abortion services they provide. However, the organization also focuses on affordable general health services, cancer screenings, pregnancy and STD testing, and health education for women and men. It is often the principal provider of general health services for many of its patients. As a result, it routinely handles a considerable amount of PHI.

Ransomware on the Rise

This year has seen a substantial increase in the frequency of ransomware attacks. A mid-year assessment by cybersecurity firm SonicWall found that cybercriminals had attempted more than 304 million ransomware attacks in the first half of 2021 – more than all attempts documented by the company throughout 2020.

A report by Security Intelligence illustrates the ongoing challenge for healthcare providers in keeping PHI safe from unauthorized access. A survey of nearly 600 healthcare delivery organizations found that 62% were not confident in their ability to protect patient data from ransomware.

More troubling still, some 71% reported that successful cyberattacks had led to longer patient stays, and a similar percentage said that such attacks had forced the delay of medical procedures. About 65% stated that cyberattacks had led to an increase in the diversion of patients to other facilities. Nearly 20% said the attacks led to a rise in patient mortality rates.

Compliance Is Critical

HIPAA regulations impose heavy penalties on organizations that fail to protect patient data. In addition to damaging patient trust, the failure of healthcare providers to effectively protect their computer networks can diminish the quality of care that patients receive. It can also put patient lives at risk, particularly at a time when healthcare systems are already overburdened with the ongoing global COVID-19 pandemic.

SecureData knows how critical patient privacy can be and how essential it is for organizations to have the right tools to maintain regulatory compliance and patient trust. That’s why we created comprehensive data security solutions that give healthcare professionals unrivaled protection from data breaches commonly associated with ransomware attacks.

Solutions that Deliver

SecureData offers FIPS-validated and hardware-encrypted portable storage devices that provide unmatched protection for regulated data at rest or in transit. Our KP line authenticates via an onboard alphanumeric keypad and PIN, while the BT line authenticates by way of a free smartphone app that can also leverage Android/iPhone’s Touch ID and Face ID biometric security features.

Both KP and BT drives are OS/host-independent and work with any device that has a standard USB port. BT drives are also enabled for use out of the box with our  Remote Management Console. This software-free subscription service gives IT administrators centralized control over access to BT storage drives throughout an organization from anywhere in the world.

SecureData also helps healthcare professionals protect one of the most common pathways for ransomware attack: USB ports. SecureGuard is a data loss prevention software solution deployed within the Remote Management Console that offers always-on protection with USB blocking functions that limit network access only to authorized devices.

Call us at 424-363-8535 to speak to one of our data security experts or to set up a free demo.