US Clinical Lab Tells 1.6 Million Customers to 'Protect' Their Data Following Cyberattack
April 14, 2025
A lab providing diagnostic testing services to Planned Parenthood centers across the US is telling customers to take measures to protect their data following a security incident.
Laboratory Services Cooperative, a non-profit based in Seattle, Washington, has issued a public notice saying that “if you, or someone whose healthcare bills you pay for, visited one of these centers and had lab tests done or were referred for lab tests, your information might be part of this incident.”
In a data breach filing, LSC reveals the breach impacts 1.6 million people.
Affected individuals are encouraged to “take precautionary measures to protect their information.”
‘Suspicious activity’
“On October 27, 2024, LSC identified suspicious activity within its network,” reads the notice. “In response, LSC immediately engaged third-party cybersecurity specialists to determine the nature and scope of the incident and notified federal law enforcement.”
LSC has served different centers for differing durations, with some partnerships starting only in the past few years.
The incident did not involve all Planned Parenthood centers – only those that received testing services from LSC, the lab says.
Following the breach, LSC promptly initiated a review to help identify whose information may be involved and to what extent. After months of sifting through the data, the lab has concluded that, yes, the attackers may well have accessed troves of medical and personal data.
Health, billing, and personal data compromised
“The investigation revealed that an unauthorized third party gained access to portions of LSC's network and accessed/removed certain files belonging to LSC,” the notice clarifies.
In February 2025, LSC received the initial results of the data review, confirming that certain LSC patient- and worker-related data might be affected. The specific information involved is not the same for everyone, as it depends on the individual's relationship with LSC.
To any extent, the data may include contact details such as name, address, phone number, and email, along with one or more of the following categories:
· Medical/Clinical Information: This may include date(s) of service, diagnoses, treatment, medical record number, lab results, patient/accession number, provider name, treatment location, and related-care details
· Health Insurance Information: This may encompass plan name, plan type, insurance companies, and member/group ID numbers.
· Billing, Claims, and Payment Data: This could involve claim numbers, billing details, bank account details (including bank name, account number, and routing number), billing codes, payment card details, balance details, and similar banking and financial information.
· Additional Identifiers: This may include Social Security Number, driver's license or state ID number, passport number, date of birth, demographic data, student ID number, and other forms of government identifiers.
· For LSC workers: The information involved may also include details about their dependents or beneficiaries if that information was provided to LSC.
LSC has hired specialists to monitor the dark web for any information that may be up for sale to fraudsters.
“The dark web is a hidden part of the internet where unauthorized activities and data exchanges often happen,” the lab clarifies.
According to the memo, there is no evidence that the information involved in this incident has been leaked (or is up for sale) as of now.
How to protect against scams citing your data
Data stolen in breaches fuels socially engineered fraud attacks and scams via SMS, email or by phone. When in doubt about a suspicious text, phone call, or social media interaction, Bitdefender recommends using Scamio, our free, scam-fighting AI bot. You can share with Scamio the exact thing you want to check, such as a screenshot, link, or QR code – or simply describe the situation to our chatbot in your own words. Scamio lets you know in seconds if it’s a sham.
LSC has set up an FAQ with resources to protect customers’ information and help affected customers learn more about the incident. Affected customers are offered free credit monitoring and medical identity protection services through CyEx Medical Shield Complete.
If you’re an LSC customer, keep an eye out for suspicious emails or texts citing your personal information. Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you know if your data has leaked online, what risks you face, and what to do to protect yourself.
For peace of mind, consider using a security solution on all your personal devices.
You may also like to read:
Hackers Threaten to Leak Highly Sensitive Files from Lee Enterprises Breach
tags
Author
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsRight now Top posts
How to Protect Your WhatsApp from Hackers and Scammers – 8 Key Settings and Best Practices
April 03, 2025
Outpacing Cyberthreats: Bitdefender Together with Scuderia Ferrari HP in 2025
March 12, 2025
Streamjacking Scams On YouTube Leverage CS2 Pro Player Championships to Defraud Gamers
February 20, 2025
How to Identify and Protect Yourself from Gaming Laptop Scams
February 11, 2025
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
