Planned Parenthood Los Angeles has confirmed that a data breach last month exposed patient records online, including names, dates of birth, addresses, insurance identification numbers, and clinical data like diagnosis, treatment, and prescription information.
An unauthorized person accessed the network between Oct. 9 and Oct. 17, installing malware and stealing files. PPLA said it took its systems offline on Oct. 17 when it noticed suspicious activity, notifying law enforcement and engaging a cybersecurity company to investigate. On Nov. 4, the investigation concluded that patient information was taken, and Planned Parenthood LA is now notifying affected patients.
According to a Wednesday report in The Washington Post, the data breach affected around 400,000 patients.
“PPLA is mailing notification letters to patients whose information was contained in documents that were exfiltrated from our systems,” the organization said. “We also encourage patients to review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive.”
PPLA says it has increased network monitoring since and hired more cybersecurity staff members.