Planned Parenthood has confirmed it experienced a cyberattack that impacted its IT systems, leading the organization to take certain parts of its infrastructure offline to prevent further damage. This nonprofit, headquartered in New York, offers a range of reproductive health services, education, and advocacy, and is one of the largest providers of such services in the U.S.

Martha Fuller, President and CEO of Planned Parenthood of Montana (PPMT), told BleepingComputer that the cybersecurity incident occurred in late August 2024 and that the organization is actively investigating its extent. Fuller explained that PPMT discovered the incident on August 28, 2024, and immediately initiated its incident response protocols, including disconnecting parts of its network as a precautionary measure. She commended the quick action taken by the IT team and their ongoing efforts to restore systems.

The RansomHub ransomware group has claimed responsibility for the attack and threatened to release 93GB of data allegedly stolen from Planned Parenthood within six days. They have already posted some confidential documents on their dark web extortion site as evidence. Recently, several U.S. government agencies, including the FBI and CISA, issued a warning about RansomHub’s focus on targeting healthcare organizations, with Planned Parenthood being the latest victim.

In response to these claims, Fuller confirmed that they are closely monitoring the situation and have reported it to the FBI. She reassured the public that Planned Parenthood is taking the matter seriously and is cooperating with federal authorities in their investigation.

Given the range of services provided by Planned Parenthood, including contraception, abortion care, and hormone therapy, a breach could raise significant privacy concerns for patients. However, it has not yet been confirmed if any data was stolen, and the investigation is still ongoing.

This incident follows a previous ransomware attack on the Los Angeles branch of Planned Parenthood in late 2021, in which the private information of 400,000 patients was compromised.