Renown healthcare and education provider Planned Parenthood of Montana confirmed of a 93GB data breach which occurred on 28th August 2024. The ransom seeker group RansomHub has claimed the responsibility and threatened the organization of leaking their sensitive data if their demands are not fulfilled.
While trying to estimate the damage and evaluating the sensitivity of lost data , Planned Parenthood’s IT team is taking their time before making any statements. There has been stern reactions from various industry experts on this cyberattack.
Thomas Richards, Synopsys Software Integrity Group, reacted, “The attack on Planned Parenthood continues the unsettling trend of healthcare providers being targeted by ransomware groups. We see an increase in breaches from different industry verticals as ransomware gangs target organizations that have less robust cybersecurity practices. With how sensitive the breached information is, patients of Planned Parenthood should register for credit monitoring services and be mindful of any medical claims made.”
Kevin Kirkwood, CISO at Exabeam, remarks, “A cyberattack on Planned Parenthood has caused the organization to take various systems offline to limit the extent of the attack. This incident which was allegedly claimed by the RansomHub threat group, follows a joint cybersecurity advisory issued just a week earlier by the FBI and CISA. This advisory warned about the group’s expanding activity, targeting organizations across sectors including government services, water and wastewater, transportation, and healthcare.
CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, #StopRansomware: RansomHub Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with RansomHub activity identified through FBI investigations and third-party reporting as recently as August 2024.
“Organizations are advised of running a security program that’s flexible and adaptble in its approach towards new TTPs (tactics, techniques and procedures) and IOCs. Rules should encompass those changes in your SIEM solution and be ready to alert the SOC community as soon as practicable. These mitigations should serve as a base for organizations across sectors to effectively mitigate against RansomHub. By taking these steps, organizations can strengthen their defenses and build a more proactive cybersecurity posture.”
