In a significant security incident, sensitive health records of more than 1.6 million patients, including minors under 18, have been put at risk. This breach involves individuals who have sought care at Planned Parenthood facilities across more than thirty states. Laboratory Services Cooperative (LSC), the organization responsible for lab testing at these clinics, is in the process of notifying those potentially affected by this security breach that occurred in October 2024.

Planned Parenthood has faced cyberattacks previously, with significant incidents reported in 2021 and again in 2024. Cybersecurity challenges continue to be a concern for the organization.

Details of the LSC Incident

According to documents filed by LSC with the Maine attorney general, cybercriminals infiltrated its systems on October 27, 2024. The breach was detected on the same day, revealing that data from 1.6 million individuals had been compromised. Although the specific details of the data affected may vary, it could include:

• Personal Information: Name, address, email, and phone number

• Medical Information: Dates of service, diagnoses, medical records and patient numbers, lab results, provider details, and treatment locations

• Insurance Data: Plan names, types, insurance company details, and member IDs

• Billing Information: Claim numbers, banking details, billing codes, payment card information, and account balances

• Identifiers: Social Security numbers, driver’s license or ID numbers, passport numbers, dates of birth, demographic details, and student ID numbers

It is also possible that employee data was impacted, which may include information regarding dependents and beneficiaries.

Steps for Patients If Their Information Has Been Compromised

Individuals who have received treatment at Planned Parenthood should determine if their local clinics partner with LSC for lab testing. A comprehensive list is available on LSC’s FAQ site, or you can verify specific clinic details by contacting their service center at 855-549-2662.

While it is impossible to reverse the consequences of a data breach, several proactive measures can help protect personal information. Monitoring for unusual activity and regularly reviewing credit reports is crucial. A free weekly credit report can be obtained from each of the three major credit bureaus. Additionally, consider freezing your credit, setting fraud alerts, and protecting your Social Security number to mitigate the risk of identity theft. LSC’s breach information site outlines steps for reporting identity theft to the appropriate federal and state authorities.

LSC is providing affected individuals with 12 to 24 months of credit monitoring through CyEx Medical Shield Complete. To register, individuals can dial the customer support number mentioned earlier during business hours (9 a.m. to 9 p.m. ET, Monday to Friday) to obtain an activation code, which is necessary for online enrollment. For affected minors or those who lack a Social Security number or credit history, a separate service called Minor Defense is available, with a similar enrollment procedure. The deadline for signing up is July 14, 2025.