An October hacking incident exposed information on 400,000 patients of Planned Parenthood Los Angeles, including medical records, the clinics reported.
The incident involves only patients of Planned Parenthood Los Angeles, which operates 21 health centers in the Southern California city, the agency said in a statement on its site.
Stolen data includes personal information such as birth dates and also may include medical records about diagnoses, procedures and prescriptions, Planned Parenthood said.
A hacker broke into the reproductive health-care group’s computer system between Oct. 9 and Oct. 17, planting malware and removing files, the statement said.
Spokesperson John Erickson told The Washington Post the hack appeared to be part of a ransomware scheme, in which hackers block access to a company’s information to demand a ransom for its release.
After a review revealed that patient information may have been compromised, the agency began notifying patients by mail.
There’s no evidence the stolen information has been used for fraud, the agency said.
“Patients are encouraged to review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive,” Planned Parenthood Los Angeles said in the statement.
The stolen data may include dates of birth, addresses, insurance identification numbers, and clinical data, such as diagnosis, treatment, or prescription information.
“We take the safeguarding of patients’ information extremely seriously, and deeply regret that this incident occurred and for any concern this may cause,” Planned Parenthood Los Angeles said in the statement.
The health-care group said it has taken steps to improve cybersecurity following the breach. An investigation into the breach is continuing.
Planned Parenthood clinics in Washington, D.C., experienced a data breach in 2020, The Washington Post reported.