{"id":25152,"date":"2024-09-12T09:05:36","date_gmt":"2024-09-12T17:05:36","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/09\/12\/news-18882\/"},"modified":"2024-09-12T09:05:36","modified_gmt":"2024-09-12T17:05:36","slug":"news-18882","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/09\/12\/news-18882\/","title":{"rendered":"Planned Parenthood partly offline after ransomware attack"},"content":{"rendered":"\n

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group.<\/p>\n

Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provides sexual health care services. It is not yet known whether any personal information about patients might have been stolen, but that could potentially be devastating.<\/p>\n

The patients who rely on Planned Parenthood for care are frequently low-income and face health care disparities due to race, gender, sexuality, or because they live in underserved areas. Sometimes they are minors that have been in contact with the criminal justice system, and they are not eligible for insurance or depend on Medicaid Expansion for coverage.<\/p>\n

The group behind the attack, Ransomhub, has claimed responsibility on their leak site where they threaten to publish stolen data to increase the leverage over their victims.<\/p>\n

\"RansomHub's
Planned Parenthood listed on RansomHub’s leak site<\/figcaption><\/figure>\n
\n

\u201cIntermountain Planned Parenthood, a leading nonprofit organization, is dedicated to empowering individuals in Montana to make informed decisions regarding their sexual and reproductive health.\u201d<\/p>\n<\/blockquote>\n

The listing on the leak site shows financial information, court papers, and insurance certificates. Ransomhub set a timer for Planned Parenthood. The timer counts to September 11 before the release of all the data.<\/p>\n

\"On
Timer before release of the data<\/figcaption><\/figure>\n

Ransomhub listed the size of the data set at 93 GB, but ransomware groups have been known to exaggerate, lie, and mislead. They are criminals after all.<\/p>\n

As laid out in a recent joint advisory<\/a> by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS),  RansomHub is a relatively new but very active Ransomware-as-a-Service group known to target healthcare organizations and other critical infrastructure sectors.<\/p>\n

According to a recent ThreatDown ransomware report<\/a>, healthcare and education are the hardest hit sector after “Services” in the US, accounting for 60% and 71% of global attacks in these sectors, respectively.<\/p>\n

And in the ThreatDown Ransomware Review of August 2024<\/a> we can see that Ransomhub was the gang responsible for the largest number of known attacks in July.<\/p>\n

\"Known<\/figure>\n

This story will be updated once we find out more about the nature of the stolen data.<\/p>\n

Protecting yourself after a data breach<\/strong><\/h2>\n

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach<\/a>.<\/p>\n