Hackers Stole Medical Records From 1.6 Million Planned Parenthood Patients

Posted on by

Another major data breach compromised the confidential medical records of more than 1.6 million patients, including minors under 18, who received care from Planned Parenthood in more than 30 states. The Laboratory Services Cooperative (LSC), which provides laboratory testing services to reproductive health clinics throughout the United States, is notifying individuals who may have been harmed by a security incident that occurred in October 2024.

Planned Parenthood itself has been the target of cyberattacks in 2021 and 2024.

What happened to LSK?

According to the LSC report filed with the Maine Attorney General’s Office, hackers gained access to its systems on October 27, 2024 (the breach was discovered the same day) and stole the data of 1.6 million people. Compromised information varies from patient to patient, but may include the following :

  • Personal information: name, address, email address, telephone number.

  • Medical information: date(s) of service, diagnoses, treatments, medical records and patient numbers, laboratory results, provider name, location of treatment.

  • Insurance information: plan name and type, insurance company, member/group identification numbers.

  • Payment information: claim numbers, bank account information, billing codes, payment card information, balance information.

  • Identifiers: Social Security number, driver’s license or identification number, passport number, date of birth, demographic information, student ID number.

There may also have been a leak of LSC employee data, including details of dependents and beneficiaries.

What can patients do if their information has been compromised?

If you (or someone whose medical bills you pay) received care from Planned Parenthood, you can check to see if clinics in your state partner with LSC to provide laboratory tests. LSC has a list of frequently asked questions on its website , and you can call the company’s service center at 855-549-2662 for specific clinic locations.

What are your thoughts so far?

While you can’t eliminate the potential damage from a data breach, you can take steps to protect your information and accounts, such as keeping an eye out for suspicious activity and regularly reviewing your credit report (you can request a free copy every week from each of the three major credit bureaus). Freeze your credit , post a fraud alert, and block your Social Security number to protect against identity theft. The LSC breach website includes information on how to report identity theft to federal and state agencies.

LSC also offers 12-24 months of credit monitoring to affected individuals through CyEx Medical Shield Complete. To register, call the customer service number above between 9:00 am and 9:00 pm ET, Monday through Friday, and request an activation code, which you will need to register online . Affected minors and individuals without an SSN or credit history are eligible for a separate service called Minor Defense , which has a similar enrollment process. Registration deadline is July 14, 2025.

More…

Security

Leave a Reply