Planned Parenthood of Montana was hit with a ransomware attack on August 28, 2024. RansomHub, a ransomware group targeting critical infrastructure, claimed responsibility. The group posted about the Planned Parenthood cyberattack on its leak site on Wednesday, September 4, claiming to have stolen 93 gigabytes of data.

Planned Parenthood is a New York-based nonprofit organization that provides reproductive health care services, education, and advocacy for birth control. It is one of the largest providers of reproductive and sexual health services in the United States.

Martha Fuller, president and CEO of Planned Parenthood of Montana, said that the organization immediately engaged its incident response protocols and took parts of its network offline as soon as it learned of the incident.

“We are grateful to our IT staff and cybersecurity partners, who are working around the clock to securely restore impacted systems as quickly as possible and who are tirelessly investigating the cause and scope of the incident,” Fuller said.

RansomHub’s post included screenshots of documents the attackers said came from within Planned Parenthood. The attackers have given Planned Parenthood until September 11 to pay an undisclosed ransom or have the material published.

RansomHub Poses a Serious Threat

RansomHub is a ransomware-as-a-service (RaaS) group targeting healthcare, government, financial services, and critical manufacturing organizations.

According to CrowdStrike, a cybersecurity consulting company,

Ransomware-as-a-service is a business model between ransomware operators and affiliates in which affiliates pay to launch ransomware attacks developed by operators. Think of ransomware as a service as a variation of software as a service (SaaS) business model.

RaaS kits allow affiliates lacking the skill or time to develop their own ransomware variant to be up and running quickly and affordably. They are easy to find on the dark web, where they are advertised in the same way that goods are advertised on the legitimate web.

A RaaS kit may include 24/7 support, bundled offers, user reviews, forums and other features identical to those offered by legitimate SaaS providers. The price of RaaS kits ranges from $40 per month to several thousand dollars – trivial amounts, considering that the average ransom demand in 2021 was $6 million. A threat actor doesn’t need every attack to be successful in order to become rich.

The Cybersecurity and Infrastructure Security Agency (CISA) said in an August 29 advisory that RansomHub has “established itself as an efficient and successful service model” and has encrypted and exfiltrated data from at least 210 victims since February.

In April, RansomHub was part of a second extortion attempt against UnitedHealth Group’s subsidiary Change Healthcare. Hackers initially working with the ALPHV ransomware group took stolen Change Healthcare data to RansomHub after members of the ALPHV group scammed affiliate groups out of their shares of a $22 million ransom payment ALPHV received from UnitedHealth Group.

Action Steps to Prevent Ransomware

CISA recommends the following actions be taken today to mitigate cyber threats from ransomware:

1. Install updates for operating systems, software, and firmware as soon as they are released.
2. Require phishing-resistant MFA (i.e., non-SMS text-based) for as many services as possible.
3. Train users to recognize and report phishing attempts.

Follow HIPAA

HIPAA compliance is a blueprint to prevent cybercrime.

The HIPAA E-Tool^® delivers confidence with complete policies and forms to stay up-to-date. The E-Tool’s Security Rule Checklist provides all the keys for compliance with the HIPAA Security Rule, the gold standard for cybersecurity defense. The Checklist, along with a comprehensive HIPAA Risk Analysis, reminds you of each mitigation step needed to stay ahead of the hackers and keep patient information safe.

To help strengthen your compliance, call The HIPAA E-Tool^® today. (800-570-5879 or info@hipaaetool.com)