LSC Data Breach
The Laboratory Services Cooperative (LSC) is a clinical laboratory based in Bremerton, Washington, providing diagnostic testing and reproductive health services across more than 35 states. These laboratory services encompass data transfers for lab testing, billing, and other administrative HIPAA-protected patient information.
Overview
A data breach incident occurred on October 27, 2024 when LSC took notice of suspicious network activity. LSC took immediate measures to remediate this breach by hiring a third-party cybersecurity vendor to assess the impact, determine the scope of the attack, and identify the individuals who were affected. Additionally, LSC notified federal law enforcement of the incident.
The incident responders from the third-party vendor provided LSC with the initial results of the data review in February 2025. The investigation uncovered that an unauthorized third party infiltrated the organization's network, accessed sensitive files, and exfiltrated the data of interest. In other words, the threat actor stole sensitive medical, insurance, billing, and personal information of approximately 1.6 million people from LSC systems.
Data Involved
Medical/Clinical Information: This may include information such as date(s) of service, diagnoses, treatment, medical record number, lab results, patient/accession number, provider name, treatment location, and related-care details.
Health Insurance Information: This may encompass plan name, plan type, insurance companies, and member/group ID numbers.
Billing, Claims, and Payment Data: This could involve claim numbers, billing details, bank account details (including bank name, account number, and routing number), billing codes, payment card details, balance details, and similar banking and financial information.
Additional Identifiers: This may include Social Security Number, driver's license or state ID number, passport number, date of birth, demographic data, student ID number, and other forms of government identifiers.
What You Can Do
If you, or someone whose healthcare bills you pay for, visited one of the affected Planned Parenthood center and had lab tests completed, or were referred for lab tests, your information might have been a part of this data breach. Please note that this incident did not impact all Planned Parenthood centers, only those that have utilized lab testing services from LSC.
Please follow the steps outlined at https://www.lscincidentsupport.com/
LSC is offering free credit monitoring, medical identity protection services, and Dark Web monitoring through CyEx Medical Shield Complete to individuals who suspect their information may be involved in this incident.
