Case Background

On December 3, 2021, Plaintiff Maria Orellana filed the first data breach lawsuit against Planned Parenthood Los Angeles (“PPLA”) and Does 1 through 100 (“Doe Defendants”), followed by six related complaints. The complaints alleged violations of privacy due to PPLA's negligence and failure to secure their personal data. A consolidated class complaint was filed on May 25, 2022, representing approximately 409,437 individuals who received data breach notices. The case was heard in the California Superior Court, Los Angeles County. Judges Elaine Lu, Yvette M. Palazuelos, David S. Cunningham III, and Elihu M. Berle presided over the case. [Case number: 21STCV44106]

Cause

On December 1, 2021, Planned Parenthood Los Angeles (PPLA), a leading reproductive healthcare provider in Los Angeles County, announced a data breach. This breach, caused by PPLA’s negligent data security, exposed the personally identifiable information (PII) and protected health information (PHI) of approximately 400,000 patients. The compromised data included names, addresses, insurance details, birth dates, and clinical information such as diagnoses, procedures, and prescriptions. Hackers infiltrated PPLA’s network between October 9 and October 17, 2021, using ransomware to s