Laboratory Services Cooperative (LSC) confirmed a data breach impacting around 1.6 million individuals. The Seattle-based nonprofit provides laboratory services to organizations like Planned Parenthood across over 35 U.S. states. LSC was a key player in reproductive health services, handling sensitive data such as medical, financial, and personal information for its affiliates. Hackers infiltrated LSC’s systems in October 2024, stealing crucial data.
LSC discovered suspicious activity on October 27, 2024, prompting immediate engagement of cybersecurity specialists. The investigation revealed that an unauthorized third party accessed and removed files containing personal, medical, and financial data. The breach primarily affected individuals who underwent lab tests at select Planned Parenthood centers that used LSC services. Personal information such as full names, SSNs, and medical details were exposed in the attack.
The breach affected individuals’ medical records, including diagnoses, treatments, lab results, and insurance details. Billing and financial data, such as claims, payment card info, and bank details, were also compromised. LSC has informed affected individuals and offered credit monitoring and medical identity protection services for up to 24 months. However, the organization hasn’t provided details on which centers were impacted due to privacy concerns.
The investigation continues, and third-party cybersecurity experts are monitoring the dark web for data leaks. No data has been found on dark web markets or forums as of now. LSC has advised affected individuals to enroll in the free monitoring services, with the deadline for enrollment set for July 14, 2025. While Planned Parenthood wasn’t directly responsible for this breach, customers were previously affected by another incident in August 2024.
Reference:
