Planned Parenthood Patients File Lawsuits Over Laboratory Services Cooperative Data Breach
Planned Parenthood patients are taking legal action over the theft of their sensitive data from Laboratory Services Cooperative (LSC), a Seattle, WA-based diagnostic testing service provider used by Planned Parenthood centers in 30 states and the District of Columbia.
On October 27, 2024, LSC identified unauthorized activity within its computer network. The forensic investigation confirmed in February 2025 that an unauthorized third party had accessed its network and obtained files that contained sensitive patient data, including names, contact information, dates of birth, medical and clinical information, health insurance information, billing and claims information, payment card information and banking information, Social Security numbers, driver’s license numbers, passport numbers, and other highly sensitive information. Workers were also affected by the breach and may have had dependent or beneficiary information stolen in the attack. In total, approximately 1.6 million individuals were affected by the data breach and were notified in April 2025. Complimentary credit monitoring and identity theft protection services were offered to the affected individuals.
At least three class action lawsuits have now been filed in the U.S. District Court for the Western District of Washington against LSC over the data breach – Doe v. Laboratory Services Cooperative, Daniels v. Laboratory Services Cooperative, and Wynn v. Laboratory Services Cooperative. The lawsuits allege LSC was negligent by failing to implement reasonable and appropriate cybersecurity measures to protect sensitive patient data, and if those measures had been implemented, the data breach could have been prevented. The lawsuits also accuse LSC of breach notification failures, as it took 5 months for the notification letters to be issued, and when they were sent, they lacked important information such as when the breach occurred, how it was identified, and how hackers breached its network. The lawsuits also assert claims of breach of third-party beneficiary contract, invasion of privacy, and violations of the Washington Consumer Protection Act and Data Breach Notification Law.
The lawsuits seek a jury trial, damages, compensatory damages, and injunctive relief, including an order from the court compelling LSC to implement a range of security measures to prevent similar data breaches in the future, including encryption, external security audits, penetration tests, and the destruction of the personally identifiable information of individuals affected by the data breach.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
