The organisation notified the US Department of Health and Human Services of the incident. It affected 409,759 individuals. On 17 October 2021, suspicious activity was identified on the computer network and, following an investigation, it was determined that it had been accessed by an unauthorised person who had installed malware (ransomware) and stolen some files.
The administrator took immediate steps to stop the leak, notified the relevant authorities and engaged an external cyber security firm. Planned Parenthood said the breached files contained patients’ names and dates of birth, addresses and insurance identification numbers, as well as clinical data such as diagnosis, course of treatment or prescription information.
So far, there is evidence that personal data has been misused. However, the organisation has informed data subjects of the breach and has taken steps to improve security measures, including increasing network monitoring, engaging an external cyber security firm and hiring additional information security officers.