Planned Parenthood Los Angeles has confirmed that a data breach last month exposed patient records online, including names, dates of birth, addresses, insurance identification numbers, and clinical data such as diagnosis, treatment, and prescribing information.
An unauthorized person accessed the network between October 9 and 17, installing malware and stealing files. PPLA said it took its systems offline on October 17 when it noticed suspicious activity, notified law enforcement and hired a cybersecurity company to investigate. On November 4, the investigation concluded that patient information was taken and Planned Parenthood LA is now notifying affected patients.
According to a report Wednesday in The Washington Post, the data breach affected about 400,000 patients.
“PPLA is sending notification letters to patients whose information was contained in documents that were pulled from our systems,” the organization said. “We also encourage patients to review the statements of their health care providers or health insurers and contact them immediately if they see charges for services they did not receive.”
PPLA says it has increased network monitoring since then and has hired more cybersecurity staff.