Planned Parenthood Los Angeles is facing a potential class action lawsuit after it notified about 400,000 patients that their protected health information was exposed during a cyberattack.
Between Oct. 9 and 17, hackers inflicted malicious software on the reproductive healthcare provider's network and then extracted files from its systems. After discovering the attack on Oct. 17, Planned Parenthood took its systems offline, alerted law enforcement and launched an investigation.
Patient information exposed by the breach includes names, addresses, birthdates, insurance details, and clinical data such as diagnosis and procedure information, according to a notification letter sent to patients filed with the attorney general of California. In the letter, Planned Parenthood said there is no evidence that information exposed by the attack has been used for fraud.
The lawsuit, filed Dec. 9, alleges that data security failures led to the cyberattack. It was filed by a patient using the initials K.O. to protect her privacy.