The Laboratory Services Cooperative (LSC) has disclosed a major data breach affecting 1.6 million individuals, exposing a wide range of sensitive personal, medical, and financial information.
LSC, a Seattle-based nonprofit that provides laboratory services to healthcare organizations—including some Planned Parenthood centers—confirmed the breach in a notice published this week.
According to the statement, suspicious activity was first detected on October 27, 2024, prompting LSC to bring in third-party cybersecurity experts and notify federal law enforcement. Investigators found that hackers had accessed and exfiltrated files from LSC’s network.
The stolen data may include:
- Personal identifiers: Names, Social Security numbers, driver’s license/passport numbers, and dates of birth
- Medical records: Test results, diagnoses, treatment details, and healthcare provider information
- Insurance info: Plan types and member/group ID numbers
- Financial data: Claims, billing details, and even bank or payment card information
The breach primarily impacted patients who received lab services through certain Planned Parenthood centers that rely on LSC for testing. Although Planned Parenthood was not directly responsible, this marks the second time in 2024 its patient data has been exposed, following a RansomHub ransomware attack in August.
LSC is offering free credit monitoring and medical identity protection services for up to 24 months, with special protections like “Minor Defense” for children. Affected individuals must enroll by July 14, 2025.
The organization says the investigation is ongoing, and no data has been found on the dark web so far.
