Laboratory Services Cooperative
Data Breach Class Action Lawsuit

Posted: April 11, 2025 -- Attention, victims of the Laboratory Services Cooperative data breach.

Abington Cole + Ellery is investigating the data breach recently announced by Laboratory Services Cooperative.

Laboratory Services Cooperative Data Breach Summary:

Approximately 1.6 million individuals were affected by the Laboratory Services Cooperative data breach.

Breached data may include, but is not necessarily limited to:

Medical/Clinical Information: This may include information such as date(s) of service, diagnoses, treatment, medical record number, lab results, patient/accession number, provider name, treatment location, and related-care details.

Health Insurance Information: This may encompass plan name, plan type, insurance companies, and member/group ID numbers.

Billing, Claims, and Payment Data: This could involve claim numbers, billing details, bank account details (including bank name, account number, and routing number), billing codes, payment card details, balance details, and similar banking and financial information.

Additional Identifiers: This may include Social Security Number, driver's license or state ID number, passport number, date of birth, demographic data, student ID number, and other forms of government identifiers.

On October 27, 2024, Laboratory Services Cooperative, a nonprofit organization based in Seattle, Washington, detected suspicious activity within its network, indicating a security incident. The organization, which provides laboratory testing services to select Planned Parenthood centers, engaged third-party cybersecurity specialists to determine the nature and scope of the breach. The investigation revealed that an unauthorized third party had gained access to portions of LSC's network and removed certain files, compromising sensitive information. Initial results from the data review, received in February 2025, confirmed that approximately 1.6 million individuals, including patients and employees, were affected. Consumer notifications began on April 10, 2025, with the organization encouraging affected individuals to take precautionary measures to protect their information.

The breach specifically impacted individuals who received lab testing services at certain Planned Parenthood centers serviced by LSC, with partnerships starting as recently as the past few years. Although not all Planned Parenthood centers were affected, LSC centers are located in multiple U.S. states: Alaska, Arkansas, California, Colorado, District of Columbia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Maine, Maryland, Minnesota, Missouri, Nebraska, Nevada, New Hampshire, New Mexico, North Dakota, Ohio, Oklahoma, Oregon, South Dakota, Texas, Vermont, Virginia, Washington, Wisconsin, and Wyoming. For a complete list, individuals can refer to the FAQ section of the incident support website at Laboratory Services Cooperative Security Incident.

The types of information exposed varied by individual and included personally identifiable information (PII) and protected health information (PHI). The specific method of the breach was not disclosed in the available sources, but it is described as a hacking incident involving unauthorized access to the network. As of the notification date, there was no evidence found that the compromised information had appeared on the dark web, with LSC hiring third-party specialists to monitor for such activity. The motive behind the breach is not explicitly stated, but given the nature of the data, it seems likely aimed at financial gain, identity theft, or other malicious purposes. The organization notified federal law enforcement and filed reports with state attorneys general, including California and Maine, as well as the U.S. Department of Health and Human Services, ensuring compliance with legal obligations.

In response to the breach, LSC has taken several steps to mitigate the impact on affected individuals. The organization is offering complimentary credit monitoring and medical identity theft protection services through CyEx Medical Shield Complete, with coverage for 12 or 24 months depending on the state of residence.

As a result of the data breach, Laboratory Services Cooperative is offering at least 12 months of free credit monitoring and/or identity theft protection services to some affected individuals.

Additional information about the Laboratory Services Cooperative data breach may be found here: Laboratory Services Cooperative Data Breach Notification.

About Laboratory Services Cooperative:

Laboratory Services Cooperative, also known as Planned Parenthood Laboratory Services Cooperative, is a nonprofit organization located in Seattle, Washington. Formed in 2008, it operates under section 501(e) of the Internal Revenue Code, which classifies it as a cooperative hospital service organization. This status allows it to provide centralized laboratory services to its member affiliates, primarily Planned Parenthood health centers, to support their operations.

The cooperative offers laboratory testing services on a centralized basis, enabling member affiliates to access these services efficiently. By managing laboratory operations, it allows members to focus on providing reproductive health care. Additionally, it distributes financial resources to its member affiliates to support their programs and operations, ensuring they can maintain their mission.

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the Laboratory Services Cooperative data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Laboratory Services Cooperative or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.