Medical testing services provider Laboratory Services Cooperative (LSC) is notifying 1.6 million individuals that their personal information was stolen in an October 2024 data breach.
As part of the cyberattack, which was identified on October 27, a threat actor gained access to LSC’s network, then accessed and exfiltrated certain files containing patient and employee information.
The potentially compromised information includes names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver’s license numbers, government ID or passport numbers, demographic information, and health insurance information such as plan name and type, insurance provider, and member/group ID number.
For some patients, the compromised information also includes diagnosis and treatment details, dates of service, treatment location, medical record numbers, lab results, and other care-related details.
Billing and payment information such as bank account details, payment card data, billing details, balance information, claim numbers, and other financial information was also compromised in some cases.
Information on dependents or beneficiaries was also compromised for LSC employees, the Seattle-based non-profit organization says.
LSC also disclosed that some of the affected individuals are Planned Parenthood patients who visited select centers that LSC provides lab services to.
“Please be advised that this incident did not involve all Planned Parenthood centers. It specifically may have impacted only those centers that received lab testing services from LSC,” the organization explains in a data breach notice.
In a regulatory filing with the Maine Attorney General’s Office, LSC revealed that 1.6 million individuals were impacted and it is providing them with 12 or 24 months of free credit monitoring and medical identity protection services.
According to LSC, third-party cybersecurity specialists hired to monitor the dark web have not found evidence that the information stolen in the attack may have been shared between cybercriminals.
However, the organization did not say what type of cyberattack it fell victim to or whether it received any extortion attempts. SecurityWeek has contacted LSC for additional information and will update this article if a reply arrives.