RansomHub claims responsibility for cyberattack on Planned Parenthood
Planned Parenthood, a New York-based nonprofit organization that provides reproductive health care services, has suffered a cyberattack. Ransomware operation RansomHub claims to be responsible for the attack.
According to Martha Fuller, CEO and president of Planned Parenthood of Montana, the cyberattack took place in late August. On August 28, employees discovered a ‘cybersecurity incident’ that was affecting the organization’s IT systems.
“We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure,” Fuller tells BleepingComputer.
The CEO doesn’t share any further details at the moment but ensures that the company is currently investigating the scope and impact of the attack. She praises the IT staff members for their ongoing system restoration efforts.
In the meantime, RansomHub claims to have stolen 93 GB of data in just six days. To prove its claims, the ransomware operation has published some confidential documents on the dark web. Fuller is aware of RansomHub’s allegations and is monitoring the situation in accordance with the FBI.
“We are aware of the RansomHub post and want to assure our community that we are taking this matter very seriously. We have reported this incident to federal law enforcement and will support their investigation,” the president of Planned Parenthood of Montana tells BleepingComputer.
Earlier this month, several U.S. law enforcement and intelligence agencies released a joint advisory describing RansomHub’s known tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs).
Since its first appearance in February 2024, at least 210 businesses and organizations have fallen victim to RansomHub, that we know of. On average, that’s one victim per day. The agencies recommend implementing a reliable password and email policy, recovery plan, update policy, network segmentation, network monitoring activities, multi-factor authentication (MFA), and training staff members on how to recognize digital threats.
Your email address will not be published. Required fields are marked