Planned Parenthood of Montana has confirmed it was hit by RansomHub Ransomware, which is reportedly threatening to leak 93 GB of stolen data unless a ransom is paid. The network intrusion was detected on August 28, and an investigation is ongoing.
The threat actors have already published a sample of confidential documents on their extortion portal on the Dark Web. Planned Parenthood is one of the largest U.S. providers of reproductive and sexual health services.
The New York-based nonprofit organization initiated incident response protocols, including taking parts of its network offline as a precaution. The organization has enlisted federal law enforcement and information security experts to investigate and secure its IT environment.
The breach precedes a security alert issued by the FBI, CISA, and other US agencies, highlighting RansomHub's recent aggressive activities.
RansomHub is a ransomware-as-a-service (RaaS) known to overlap with other ransomware groups, such as ALPHV (BlackCat) and Knight Ransomware. The group has been active since February and reportedly targeted over 210 victims in various sectors, including healthcare, government services, and critical infrastructure.
The RansomHub Ransomware gang recently hit oilfield services giant Halliburton, disrupting some of the company’s global networks and business operations at its north Houston campus.
The recent Patelco Credit Union breach was also attributed to the RansomHub Ransomware group, which leaked 726,000 customers’ data on the group's extortion portal on August 15 after the ransom payment negotiations allegedly failed.
The data breach at revenue and payment cycle management provider Change Healthcare was posted on RansomHub’s leak website after ALPHV, the cybercriminal group that claimed it, was shut down.