Seattle-based Laboratory Services Cooperative (LSC) has announced that approximately 1.6 million individuals have had their sensitive health information compromised following a network breach.
The nonprofit organization, which provides centralized laboratory services to select Planned Parenthood centers and other affiliates across more than 35 U.S. states, detected suspicious network activity on October 27, 2024.
LSC says it immediately engaged cybersecurity specialists and notified federal law enforcement of the intrusion.
“The investigation revealed that an unauthorized third party gained access to portions of LSC’s network and accessed/removed certain files belonging to LSC,” the organization stated in its official notice.
The compromised information varies by individual but may include highly sensitive data such as:
- Personal identifiers: Full names, Social Security numbers, driver’s license or passport numbers, dates of birth, and government-issued IDs
- Medical information: Service dates, diagnoses, treatments, lab results, and provider/facility details
- Insurance information: Plan types, insurer names, and member/group ID numbers
- Financial data: Claims, billing details, and banking/payment card information
This breach primarily affects individuals who underwent laboratory testing through Planned Parenthood centers that utilize LSC’s services.
“If you, or someone whose healthcare bills you pay for, visited one of these centers and had lab tests done or were referred for lab tests, your information might be part of this incident,” the company said.
“Please be advised that this incident did not involve all Planned Parenthood centers. It specifically may have impacted only those centers that received lab testing services from LSC. It is important to note that LSC began providing services to these centers at different times, with some partnerships starting as recently as the past few years.”
The organization has established an FAQ page and dedicated phone line to help affected individuals determine if their specific Planned Parenthood center was impacted, though privacy concerns prevent LSC from confirming individual-level exposure.
“For a list of states where LSC partners with Planned Parenthood centers, individuals can visit the FAQ section of LSC’s website notice available at https://www.LSCIncidentSupport.com,” it stated.
While cybersecurity experts continue monitoring dark web markets and forums for potential data leaks related to this breach, no evidence of exposed information has been detected so far.
“The cybersecurity specialists hired by LSC are using tools and techniques to scan various dark web forums, marketplaces, and other platforms. As of this writing, they have not found any evidence that information involved in this incident is on the dark web,” the company said.
The investigation remains ongoing.
LSC is offering complimentary credit monitoring and medical identity protection services to potentially affected individuals for either 12 or 24 months, depending on state regulations.
“LSC has set up a website to help individuals learn more about the incident and to provide resources to protect their information. These resources include free credit monitoring and medical identity protection services through CyEx Medical Shield Complete.”
A special “Minor Defense” service will be provided for affected minors without Social Security numbers or credit histories. The enrollment deadline for these protective services is July 14, 2025.
You must be logged in to post a comment.