The October hack may have compromised the personal health information of more than 400,000 area patients.
Planned Parenthood Los Angeles is facing a class action lawsuit after an October cyberattack revealed the personal health records of more than 400,000 area patients.
According to FOX News, one of the affected patients filed a lawsuit last week, alleging that she suffered anxiety and stress after learning that her medical information may have been leaked online.
In her complaint, the woman asserts that Planned Parenthood violated federal law by failing to provide adequate security against cyberattacks.
Becker’s Hospital Review notes that Planned Parenthood was targeted by hackers between October 9 and 17.
Over the course of about a week, hackers infected Planned Parenthood Los Angeles’s network, then extracted patient information files from its server.
The extracted information included “patients’ names, addresses, birthdates, insurance details, and clinical data, such as diagnosis and procedure information.”
The data also included “highly sensitive information” such as the treatment of sexually transmitted diseases, and procedures performed by Planned Parenthood Los Angeles’s abortion clinic.
FOX News’s coverage of the incident suggests that the cyberattack may have been a “ransomware” incident, in which hackers seize a computer, server, or sensitive information; they then demand compensation, often in BitCoin or other cryptocurrency, to release or delete the information.
Other prospective members of the class, says FOX News, have claimed they had to pay out-of-pocket to secure their accounts after their data was compromised in the breach.
While Planned Parenthood has since remained tight-lipped, the organization did say that it is conducting an ongoing investigation into the circumstances and extent of the cyberattack.
“As soon as we determined what files were involved, PPLA began a review of those files to determine whether any contained patient information,” Planned Parenthood Los Angeles said in a press notice.
“On November 4, we identified files that contained certain patients’ names, and one or more of the following: dates of birth, addresses, insurance identification numbers, and clinical data, such as diagnosis, treatment, or prescription information,” they said.
“While at this time, we have no evidence that any information involved in this incident has been used for fraudulent purposes, out of an abundance of caution, PPLA is mailing notification letters to patients whose information was contained in documents that were exfiltrated from our systems,” the notice said. “We also encourage patients to review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive.”