Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data

93GB of info feared pilfered in Montana by heartless crooks


Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.

This comes as ransomware crew RansomHub boasted it had broken into the nonprofit, and stolen its data, which it is threatening to leak unless payment is made.

According to Martha Fuller, CEO and president of the US state's Planned Parenthood office, a network intrusion – or a "cybersecurity incident" as the org put it – was spotted on August 28. 

"We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure," Fuller told The Register in an emailed statement.

"We are grateful to our IT staff and cyber security partners, who are working around the clock to securely restore impacted systems as quickly as possible, and who are tirelessly investigating the cause and scope of the incident," she added. "That investigation is ongoing."

RansomHub claims to have snatched 93 GB of the organization's data, and says it will share it online in seven days unless the nonprofit pays. We should note: Nonprofits are not known for their deep pockets and ability to pay multi-million ransom demands.

Fuller declined to answer specific questions about the network intrusion, including what, if any, data was stolen in the attack, and if RansomHub was behind the break-in. She did, however, acknowledge the criminals' claims and threats to leak the stolen data.

"We are aware of the RansomHub post, and want to assure our community that we are taking this matter very seriously," Fuller said. "We have reported this incident to federal law enforcement, and will support their investigation."

The FBI did not immediately respond to The Register's inquiries.

The Planned Parenthood office security breach, however, happened a day before the FBI, CISA, and other US government agencies issued a security alert warning that RansomHub was aggressively targeting victims as recently as August.

The criminal organization, which has been scooping up former LockBit and ALPHV gang members as law enforcement has disrupted those groups, has hit at least 210 victims since February, according to the Feds.

These victims span water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.

May we add, infecting a nonprofit that provides reproductive healthcare services across the country is an especially low act, even for a ransomware crew. ®
