Laboratory Services Cooperative Breach Impacts 1.6 Million People
Laboratory Services Cooperative, a Seattle, WA-based provider of lab testing services to Planned Parenthood centers, has started notifying approximately 1.6 million people that some of their personal and health information has been exposed or stolen in a recent hacking incident.
A security incident was detected on October 27, 2024, when suspicious activity was identified within its network. Assisted by third-party digital forensics specialists, Laboratory Services Cooperative confirmed that access to its network was gained by an unauthorized third party who removed certain files from its systems. The nature of the hacking incident was not disclosed, including when its systems were first breached, if ransomware was used, and if there was an extortion attempt.
The initial findings of the subsequent data review confirmed that certain Laboratory Services Cooperative patients and employees had been affected. The types of data involved varied from individual to individual and generally included names, addresses, phone numbers, and email addresses together with some of the following:
- Medical/clinical information such as date(s) of service, diagnoses, treatment information, medical record numbers, lab test results, patient/accession numbers, provider names, treatment locations, and other care-related information.
- Health insurance information such as plan names, plan types, insurance companies, and member/group ID numbers.
- Billing, claims, and payment data such as claim numbers, billing details, bank account details, billing codes, payment card details, balance details, and other banking and financial information.
- Additional identifiers such as Social Security Numbers, driver’s license/state ID numbers, passport numbers, dates of birth, demographic data, student ID numbers, and other government identifiers.
For employees, the impacted information may also have included information related to their dependents and beneficiaries. Laboratory Services Cooperative said the breach did not affect all Planned Parenthood centers, only those that availed of its services. Laboratory Services Cooperative provides services to Planned Parenthood centers in 31 U.S. states and has provided those services for varying periods of time. Some partnerships have only been in place for the past few years.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Cybersecurity experts have been engaged to scan the dark web for data leaks, and at the time of announcing the security incident, those firms had not detected any release of the stolen data. Unless a ransom was paid to have the stolen data deleted – and there are no guarantees that a ransom payment will result in permanent data deletion – the stolen data is in the hands of the perpetrators and could potentially have been sold. The affected individuals should take advantage of the complimentary credit monitoring and medical identity theft protection services being offered, which will be provided for 12 or 24 months, depending on the state of residence. The affected individuals should be vigilant against identity theft and other fraud by monitoring their accounts and Explanation of Benefits statements carefully.
A call center has been established where further information can be obtained on the incident, including whether a specific Planned Parenthood center was affected. The call center – 1-855-549-2662 – is open Monday through Friday from 9:00 AM to 9:00 PM ET.
