Another major data breach has compromised the sensitive health records of more than 1.6 million patients—including minors under 18—who received care at Planned Parenthood in more than 30 states. Laboratory Services Cooperative (LSC), which provides lab testing services to reproductive health clinics across the U.S., is notifying individuals who may have been affected by a security incident that took place in October 2024.
Planned Parenthood itself has been the target of cyberattacks in 2021 and 2024.
What happened with LSC?
According to LSC's filing with the Maine attorney general's office, hackers accessed its systems on Oct. 27, 2024—the breach was identified the same day—and stole the data of 1.6 million individuals. The information compromised varies from patient to patient but may include the following:
-
Personal information: Name, address, email, phone number
-
Medical information: Date(s) of service, diagnoses, treatment, medical record and patient numbers, lab results, provider name, treatment location
-
Insurance information: Plan name and type, insurance company, member/group ID numbers
-
Billing information: Claim numbers, bank account details, billing codes, payment card details, balance details
-
Identifiers: Social Security number, driver's license or ID number, passport number, date of birth, demographic data, student ID number
LSC employee data may also have been leaked, including details about dependents and beneficiaries.
What patients can do if their information was compromised
If you (or someone whose medical bills you pay) have received care at a Planned Parenthood center, you can check to see if clinics in your state are partnered with LSC for lab testing. LSC has a list on its FAQ site, and you can call the company's service center at 855-549-2662 to verify specific clinic locations.
What do you think so far?
While you can't undo the potential damage of a data breach, you can take steps to secure your information and accounts, like keeping an eye out for suspicious activity and reviewing your credit report regularly (you can request a free copy every week from each of the three major credit bureaus). Freeze your credit, place a fraud alert, and lock down your Social Security number to protect against identity theft. LSC's website about the breach has information about reporting identity theft to federal and state agencies.
LSC is also offering 12–24 months of credit monitoring to affected individuals via CyEx Medical Shield Complete. To register, call the customer support number listed above between 9 a.m. and 9 p.m. ET Monday to Friday to request an activation code, which you'll need to enroll online. Affected minors and those without an SSN or credit history are eligible for a separate service called Minor Defense, which has a similar enrollment process. The deadline to sign up is July 14, 2025.
