In a posting on its website (PDF), PPMT confirmed that:
PPMT detected unusual network activity on August 28, 2024. We immediately took steps to secure our systems, began an investigation with the assistance of cybersecurity firms, and notified law enforcement. On September 6, 2024 we determined that unauthorized actors gained access to our network and acquired copies of documents that contained some patient information. The files were acquired between August 24, 2024 and August 28, 2024.
Through this investigation, PPMT has confirmed that the data affected may include: patients’ names, addresses, dates of birth, medical record numbers, health insurance information, and/or clinical information, such as provider name(s), date(s) of service, diagnosis information, treatment information, and/or prescription information.
The notification doesn’t mention any offering of free identity theft protection monitoring services. Comparitech has contacted PPMT to confirm whether or not this will be available to those affected and to clarify RansomHub’s claims which the non-profit hasn’t confirmed. We will update this article if we receive a response.
Who is RansomHub?
Over the last few months, RansomHub has become the most dominant ransomware group based on the number of postings to its data leak site. Since February 2024, we have tracked 67 confirmed attacks via this group and 347 unconfirmed attacks.
Its recently confirmed claims include several other US healthcare companies, such as Millinocket Regional Hospital (hit in July 2024 and with 813 people affected) and Wilmington Community Clinic (hit in August 2024).
RansomHub is a ransomware-as-a-service variant thought to have ties to Russia. It often follows a double-extortion technique, demanding a ransom for a decryption key to unlock the company’s systems and another for deleting all of the stolen data. In the case of PPMT, RansomHub posted various images of documents allegedly stolen in this attack, including court case information and financial/payroll data.
Ransomware attacks on US healthcare companies
Throughout 2024, we’ve noted 119 confirmed ransomware attacks on companies within the US healthcare sector (which includes pharmaceutical companies, medical device manufacturers, and other organizations that don’t provide direct care). These attacks have affected over 117.2 million records in total.
As well as the breach of highly sensitive data, ransomware attacks on healthcare organizations can cripple key systems. Causing widespread disruption, these attacks can lead to delayed care for patients and huge recovery costs for the company involved. Recently, Weiser Memorial Hospital in Idaho suffered four weeks of IT downtime as a result of an attack via Embargo, while Memorial Hospital & Manor in Georgia continues to grapple with a recent attack, also carried out by Embargo.
We have tracked 155 unconfirmed attacks on this sector this year so far, too.
About Planned Parenthood of Montana
PPMT is a non-profit organization that has been providing sexual and reproductive healthcare and education throughout the state for more than 55 years. It serves more over 15,000 patients every year at its five health centers, which are located in Billings, Great Falls, Helena, and Missoula.