On Wednesday, a hacker gained access to the personal information of approximately 400,000 Los Angeles patients through the Planned Parenthood program.
Los Angeles said in a statement that there is no evidence so far that any patient information has been used for fraudulent purposes or to notify patients whose information has been accessed.
The employees first noticed suspicious activity on their computer network on October 17, according to the statement. Planned Parenthood Los Angeles shut down its systems, notified law enforcement, and hired a third-party cybersecurity firm to investigate.
According to the statement, the investigation, which is ongoing, found that the hacker gained access to the health care provider’s network between October 9 and 17. The hacker installed malware and took some files from the system.
After Planned Parenthood identified the affected files, it proceeded to review to determine if they contained any patient information, according to the statement.
On November 4, the organization discovered files that included the names of certain patients, as well as one or more of the following: birth dates, addresses, insurance ID numbers, clinical data, diagnoses, treatments provided, and prescription information, according to the statement. …
Los Angeles has taken steps to strengthen security and protect patient information, including strengthening network monitoring, partnering with an external cybersecurity firm, and hiring additional cybersecurity resources and personnel, according to the statement.
“PPLA takes the protection of patient information extremely seriously and deeply regrets that this incident occurred and any concerns it may raise,” the statement said.
As a precaution, Planned Parenthood sends out letters to affected patients explaining what happened and steps they can take to protect themselves from fraud.
“Patients are encouraged to read the statements of their healthcare providers or health insurers and contact them immediately if they see payment for services they did not receive,” the statement said.
According to the statement, the hack was limited to Planned Parenthood Los Angeles and did not affect any other affiliates.
The Washington Post first reported the data breach on Wednesday.