Laboratory Services Cooperative Data Breach Affects 1.6 Million People

On October 27, 2024, Laboratory Services Cooperative (LSC) identified suspicious activity within its network. In response, LSC engaged third-party cybersecurity specialists to determine the nature and scope of the incident and notified federal law enforcement. The investigation revealed that an unauthorized third party gained access to portions of LSC's network and accessed or removed certain files belonging to the company.

In February 2025, LSC received initial results from the investigation, confirming that sensitive information belonging to 1.6 million people was exposed.

The information exposed varied by individual and included personally identifiable information (PII) such as names, addresses, phone numbers, emails, Social Security numbers, driver's license or state ID numbers, passport numbers, dates of birth, demographic data, student ID numbers, and other government-issued identifiers.

Additionally, protected health information (PHI) was exposed, including dates of service, diagnoses, treatment details, medical record numbers, lab results, patient/accession numbers, provider names, treatment locations, health insurance details (plan names, types, companies, member/group ID numbers.

The breach specifically impacted individuals who received lab testing services at certain Planned Parenthood centers serviced by LSC. Not all Planned Parenthood centers were affected; only those centers partnering with LSC for lab testing services were involved. The partnerships with these centers began at various times, some as recently as the past few years. To view the list of states where LSC partners with Planned Parenthood centers, refer to the FAQ section of the company's incident support website.

As of now, cybersecurity specialists hired by LSC have not found any evidence that the compromised information has appeared on the dark web, a hidden part of the internet where unauthorized activities and data exchanges often occur.

Laboratory Services Cooperative's response

LSC is offering free credit monitoring and medical identity protection services through CyEx Medical Shield Complete to affected individuals. Depending on the individual's state of residence, these services are available for either 12 or 24 months.

The protection services include:

• 1-Bureau Credit Monitoring
• Health Insurance Plan Number Monitoring
• Medical Record Number Monitoring
• Medical Beneficiary Identifier Monitoring
• National Provider Number Monitoring
• International Classification of Diseases Monitoring
• Health Savings Account Monitoring
• Dark Web Monitoring

To enroll in these services, affected individuals should first obtain their unique Activation Code by calling LSC's dedicated call center at 1-855-549-2662 (available Monday through Friday, 9:00 AM to 9:00 PM ET). After obtaining the Activation Code, adults can enroll by visiting the CyEx Medical Shield Complete enrollment page, while minors can enroll through the Minor Defense enrollment page. The enrollment deadline is July 14, 2025.

LSC recommends that individuals remain vigilant by regularly reviewing their financial accounts and monitoring credit reports for suspicious activity. Individuals can request a free annual credit report from each of the three major credit bureaus at AnnualCreditReport.com. If fraudulent activity is detected, individuals should contact the Federal Trade Commission (FTC) at IdentityTheft.gov or by calling 1-877-438-4338.

Additionally, affected individuals are encouraged to consider placing fraud alerts or security freezes on their credit reports by contacting the three nationwide credit reporting agencies:

• Equifax Fraud Alert
• Experian Fraud Alert
• TransUnion Fraud Alert

For more detailed information regarding this incident, individuals may review the official disclosure notices filed with the California Attorney General's office, Maine Attorney General's office, and the U.S. Department of Health and Human Services.

For more information about the company, visit their official website at contractlaboratory.com.

What Planned Parenthood Centers are Affected?

Centers in the following states may have been affected:

• Alaska (AK)
• Arkansas (AR)
• California (CA)
• Colorado (CO)
• District of Columbia (DC)
• Hawaii (HI)
• Idaho (ID)
• Illinois (IL)
• Indiana (IN)
• Iowa (IA)
• Kansas (KS)
• Kentucky (KY)
• Maine (ME)
• Maryland (MD)
• Minnesota (MN)
• Missouri (MO)
• Nebraska (NE)
• Nevada (NV)
• New Hampshire (NH)
• New Mexico (NM)
• North Dakota (ND)
• Ohio (OH)
• Oklahoma (OK)
• Oregon (OR)
• South Dakota (SD)
• Texas (TX)
• Vermont (VT)
• Virginia (VA)
• Washington (WA)
• Wisconsin (WI)
• Wyoming (WY)