Laboratory Services Cooperative, based in Seattle, WA, provides Planned Parenthood centers with laboratory testing services. In compliance with HIPAA breach notification laws, it began notifying around 1.6 million people about the exposure or theft of some of their personal and protected health information (PHI) during a hacking incident.
Laboratory Services Coopearative discovered the security incident on October 27, 2024 after identifying suspicious activity inside its system. Third-party digital forensics experts helped to confirm that an unauthorized third party accessed its system and extracted selected files. There was no mention of the nature of the hacking incident, the time of the system breach, the use of ransomware, or any extortion attempt.
The preliminary findings of the data analysis confirmed that the incident affected some Laboratory Services Cooperative patients and staff. The types of information affected differed from one person to another and included names, addresses, telephone numbers, and email addresses, along with the listed data elements below:
Medical/clinical data including date(s) of service, diagnoses, treatment details, health record numbers, laboratory test data results, patient/accession numbers, names of healthcare providers, treatment areas, and other care-related details.
- Medical insurance details, including member/group ID numbers, insurance providers, plan names, and plan types.
- Billing, claims, and payment information, including billing codes, billing information, bank account information, payment card information, balance information, claim numbers, and other banking and financial data.
- Other identifiers, for instance, Social Security Numbers, passport numbers, driver’s license/state ID numbers, student ID numbers, birth dates, demographic information, and other government identifiers.
For workers, the affected data might also have included data associated with their dependents and beneficiaries. According to Laboratory Services Cooperative, the breach did not affect all Planned Parenthood centers, just those that acquired its services. Laboratory Services Cooperative assists Planned Parenthood centers located in 31 U.S. states and has made its services available for different periods. A few partnerships have just been set up over the last few years.
Cybersecurity specialists were engaged to check the dark web for leaked information, and when Laboratory Services Cooperative announced the security incident, those experts did not discover any leaked stolen information. Even if an entity paid a ransom to delete the stolen information, there are no assurances that the data will be deleted permanently. When stolen information is held by the perpetrators, they would likely sell it. The impacted people should use the free credit monitoring and healthcare identity theft protection services provided for one or two years, subject to the state of residence. The impacted people must be cautious against identity theft and other scams by checking their customer accounts and Explanation of Benefit statements thoroughly.
Laboratory Services Cooperative established a call center where more information about the incident is available, including information on which Planned Parenthood center was impacted. Call for support at 1-855-549-2662 from Monday to Friday from 9:00 AM – 9:00 PM ET.
Image credit: Martn, AdobeStock
