Planned Parenthood of Montana confirms cyberattack | CyberScoop<\/title> <meta name=\"description\" content=\"A prolific ransomware operation claims to have stolen 93 gigabytes of data.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/planned-parenthood-of-montana-confirms-cyberattack\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Planned Parenthood of Montana confirms cyberattack\"> <meta property=\"og:description\" content=\"A prolific ransomware operation claims to have stolen 93 gigabytes of data.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/planned-parenthood-of-montana-confirms-cyberattack\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-09-05T14:32:37+00:00\"> <meta property=\"article:modified_time\" content=\"2024-09-05T14:32:38+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725476969g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81654\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81654\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fplanned-parenthood-of-montana-confirms-cyberattack%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fplanned-parenthood-of-montana-confirms-cyberattack%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81654 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/planned-parenthood-of-montana-confirms-cyberattack\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.177121771218\">\n<div class=\"single-article__header-content\" readability=\"28.380952380952\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> A prolific ransomware operation claims to have stolen 93 gigabytes of data. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Planned Parenthood signage on August 19th 2022 in New York City. (Photo by Bill Tompkins\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"26.557027463651\"><body readability=\"53.5340514246\"><\/p>\n<p>Planned Parenthood of Montana confirmed Wednesday that it was targeted in a late-August \u201ccybersecurity incident\u201d and that it is investigating the matter. <\/p>\n<p>The statement from Planned Parenthood of Montana CEO & President Martha Fuller said the organization identified the incident Aug. 28 and \u201cimmediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure.\u201d <\/p>\n<p>The statement came after RansomHub, a prolific ransomware group, listed the nonprofit on its website Wednesday. The listing, which included screenshots of documents the attackers said came from within Planned Parenthood, claimed that 93 gigabytes of data was stolen. The attackers have given Planned Parenthood until Sept. 11 to pay an undisclosed ransom or have the material published.<\/p>\n<p>The sample material so far does not seem to include private patient data. The incident occurred eight days after <a href=\"https:\/\/www.nytimes.com\/2024\/08\/20\/us\/montana-abortion-rights.html\">Montana\u2019s secretary of state certified<\/a> that a coalition of abortion rights groups had collected enough valid signatures to ensure a vote on adding a right to abortion to the state\u2019s constitution in this November\u2019s election.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe are aware of the RansomHub post,\u201d Fuller said, \u201cand want to assure our community that we are taking this matter very seriously. We have reported this incident to federal law enforcement, and will support their investigation.\u201d<\/p>\n<p>The organization is investigating \u201cthe cause and scope of the incident,\u201d Fuller said. <\/p>\n<p>Since emerging online Feb. 10, RansomHub has posted roughly 232 observed targets on its page, according to data collected by eCrime.ch, an online cybercrime research platform. The group operates as a ransomware-as-a-service operation, where affiliates use the platform and ransomware variant to carry out the attacks and split extortion proceeds with a core group of developers. <\/p>\n<p>The Cybersecurity and Infrastructure Security Agency <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-242a\">said in an Aug. 29 advisory<\/a> that RansomHub has \u201cestablished itself as an efficient and successful service model\u201d and has encrypted and exfiltrated data from at least 210 victims since February.<\/p>\n<p>RansomHub has been tied to major incidents in its relatively brief run, most recently as the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang\/\">rumored<\/a> variant used in an attack and data exfiltration that targeted the energy services titan Halliburton, which the <a href=\"https:\/\/www.board-cybersecurity.com\/incidents\/tracker\/20240822-halliburton-co-cybersecurity-incident\/#8-k-filed-on-2024-09-03\">company said it detected Aug. 21<\/a>. Halliburton has not confirmed that RansomHub was involved.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>RansomHub was also the platform used in a second extortion attempt in April targeting UnitedHealth Group\u2019s subsidiary Change Healthcare. Attackers originally working with the now-defunct ALPHV ransomware platform took stolen Change Healthcare data to RansomHub after <a href=\"https:\/\/cyberscoop.com\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/\">ALPHV\u2019s administrators scammed affiliates<\/a> out of their portion of a <a href=\"https:\/\/cyberscoop.com\/change-healthcare-attack-stolen-data-ransom-andrew-witty-unitedhealth\/\">$22 million ransom payment<\/a> ALPHV received from UnitedHealth Group. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.25\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/planned-parenthood-of-montana-confirms-cyberattack-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/planned-parenthood-of-montana-confirms-cyberattack\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Planned Parenthood of Montana confirms cyberattack | CyberScoop Skip to<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,323,2603,1823,46],"tags":[286,327,2604,1824,54],"class_list":["post-5156","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-extortion","category-planned-parenthood","category-ransomhub","category-ransomware","tag-cybercrime","tag-extortion","tag-planned-parenthood","tag-ransomhub","tag-ransomware"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/planned-parenthood\/\" rel=\"category tag\">Planned Parenthood<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomhub\/\" rel=\"category tag\">RansomHub<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a>","tag_info":"ransomware","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5156"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5156\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5156,"date":"2024-09-05T09:32:37","date_gmt":"2024-09-05T14:32:37","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81654"},"modified":"2024-09-05T09:32:37","modified_gmt":"2024-09-05T14:32:37","slug":"planned-parenthood-of-montana-confirms-cyberattack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/05\/planned-parenthood-of-montana-confirms-cyberattack\/","title":{"rendered":"Planned Parenthood of Montana confirms cyberattack"},"content":{"rendered":"