UPDATE, 4/17/25: Bloomberg reports that a Planned Parenthood patient has filed a class action suit against Laboratory Services Cooperative regarding the data breach. Keyonna Daniels of Sacramento, California, “filed a proposed class action Wednesday in the US District Court for the Western District of Washington,” stating that the lab did not put in place “reasonable cybersecurity safeguards or policies to protect its patients’ sensitive information or supervised its IT or data security agents and employees to prevent, detect, and stop breaches of its systems.”
The lawsuit alleges that the lab “made its patients vulnerable to identity theft without any warnings to monitor their financial accounts or credit reports to prevent unauthorized use of their Sensitive Information.” It adds that “On or around April 10, 2025—six months after the Breach was discovered— LSC finally began notifying Class Members about the Data Breach. However, notification is ongoing with many Class Members, including Plaintiff still awaiting formal notice.”
4/17/25: A Planned Parenthood lab based in Seattle, Washington, which provides testing services to Planned Parenthood in dozens of states, “suffered a data breach exposing records of 1.6 million people,” ConsumerAffairs.com reported on April 11. The data breach, eventually reported by the lab, Laboratory Services Cooperative (LSC), was “one of the most significant healthcare data breaches in 2025 yet” according to Ensar Seker, chief information security officer at cybersecurity company SOCRadar.
“What makes this breach especially damaging is the breadth of data exposed,” Seker said. “This creates a perfect storm for identity theft, medical fraud, and social engineering attacks.”
Planned Parenthood lab data privacy breach 2025
Laboratory Services Cooperative serves only Planned Parenthood centers
According to the HIPAA Journal, “Laboratory Services Cooperative said the breach did not affect all Planned Parenthood centers, only those that availed of its services.” LSC reportedly serves “Planned Parenthood centers in 31 U.S. states and has provided those services for varying periods of time. Some partnerships have only been in place for the past few years.”
But the HIPAA Journal also claimed that “[t]he nature of the hacking incident” at LSC “was not disclosed, including when its systems were first breached, if ransomware was used, and if there was an extortion attempt.”
The April 10, 2025 notice claimed that “On October 27, 2024, LSC identified suspicious activity within its network” and “immediately engaged third party cybersecurity specialists to determine the nature and scope of the incident and notified federal law enforcement. The investigation revealed that an unauthorized third party gained access to portions of LSC’s network and accessed/removed certain files belonging to LSC.
The Planned Parenthood lab wrote online that it “only provides lab testing services to select Planned Parenthood health centers” and “do[es] not offer lab testing services to any other organization.” It noted that the breach “specifically may have impacted only those centers that received lab testing services from LSC.” Some of the lab’s partnerships with Planned Parenthood centers were recent and some were not.” The lab noted that the centers it serves “may offer in-person and/or telehealth visits.” The centers served by the lab are listed in the image below:
Planned Parenthood lab Laboratory Services Cooperative data privacy breach 2025 involves multiple facilities
“Our call center can help determine whether a specific Planned Parenthood health center has partnered with LSC for lab testing services. If you would like to verify, please contact our call center and be prepared to provide the name and/or address of the Planned Parenthood health center you are inquiring about. In case it helps, the names and addresses of active Planned Parenthood centers can be found on Planned Parenthood’s website. Individuals can reach LSC’s call center at 1-855-549-2662 available Monday through Friday from 9:00 AM to 9:00 PM ET,” LSC wrote.
Laboratory Services Cooperative patients and employees were affected
Consumer Affairs (CA), which linked to a filing with the Maine Attorney General, wrote, “The potentially stolen information covers a wide range of personal data, including lab results, health insurance details, bank account details, credit card details, Social Security numbers, driver’s license numbers and more,” and may include “personal data… from Planned Parenthood locations in 30 states, plus the District of Columbia, including California, Colorado, Illinois, Ohio and Texas.”
So far, LSC “hasn’t seen evidence so far that personal data from the hack has begun circulating on the dark web or elsewhere for sale,” CA reported. “The cybersecurity specialists hired by LSC are using tools and techniques to scan various dark web forums, marketplaces, and other platforms.”
The HIPAA Journal noted that “patients and employees had been affected” by the breach, with the data involving “names, addresses, phone numbers, and email addresses,” adding that “the impacted information may also have included information related to their dependents and beneficiaries.” This was confirmed by LSC, which wrote, “In February 2025, LSC received the initial results of the data review, revealing that certain LSC patient and worker-related data might be affected.”
In addition to this lab, Live Action News previously documented how Planned Parenthood itself has had numerous privacy breach reports impacting half a million of its clients.
Consumer Affairs stated that “[a] full list of the states where data may have been exposed can be seen on an FAQ website, lscincidentsupport.com, about the data breach.”
