Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Laboratory Services Cooperative data breach impacts 1.6 Million People

Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals. Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 million people. The Laboratory Services Cooperative (LSC) is a clinical laboratory based in Bremerton, Washington, providing diagnostic testing services […]

Xsolis

Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals.

Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 million people.

The Laboratory Services Cooperative (LSC) is a clinical laboratory based in Bremerton, Washington, providing diagnostic testing services primarily to Planned Parenthood centers across 31 U.S. states. Their services support reproductive health and other medical testing needs.

The incident took place in October 2024, LSC is notifying impacted individuals. The company did not provide details about the attack.

On October 27, 2024, the Laboratory Services Cooperative detected suspicious network activity and launched an investigation with the help of cybersecurity experts. They found that an unauthorized party accessed and removed files. A third-party vendor was engaged to assess the impacted individuals.

The stolen data from the LSC breach may include names, addresses, phone numbers, and emails, as well as medical information (diagnoses, lab results, treatment details), health insurance details (plan info, member IDs), billing and payment data (bank account and card info), and sensitive identifiers like Social Security numbers, driver’s license or passport numbers, dates of birth, and student or government IDs.

“The specific information involved is not the same for everyone.” reads the notice of data breach. “It depends on the individual’s relationship with LSC but may include contact details such as name, address, phone number, and email, along with one or more of the following categories:

  • Medical/Clinical Information: This may include information such as date(s) of service, diagnoses, treatment, medical record number, lab results, patient/accession number, provider name, treatment location, and related-care details.
  • Health Insurance Information: This may encompass plan name, plan type, insurance companies, and member/group ID numbers.
  • Billing, Claims, and Payment Data: This could involve claim numbers, billing details, bank account details (including bank name, account number, and routing number), billing codes, payment card details, balance details, and similar banking and financial information.
  • Additional Identifiers: This may include Social Security Number, driver’s license or state ID number, passport number, date of birth, demographic data, student ID number, and other forms of government identifiers.

For LSC workers, the breach may also include information about their dependents or beneficiaries, if such details were provided to LSC.

The incident did not impact all Planned Parenthood centers, the security breach only those that used lab testing services from LSC may have been impacted.

The company provides impacted individuals with 12 or 24 months of free credit monitoring and medical identity protection services through CyEx Medical Shield Complete.

After detecting suspicious activity, LSC acted swiftly to investigate and secure its systems. They hired cybersecurity experts to monitor the dark web, but so far, no evidence suggests that stolen data has surfaced there.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Laboratory Services Cooperative)