Hackers steal 1.6 million patient records in major healthcare breach
Healthcare data breaches are common for two main reasons: healthcare organizations are easy targets due to poor cybersecurity practices, and the data they store is extremely valuable. Bad actors can often demand and receive whatever ransom they want for the stolen information. In 2025 alone, there have already been half a dozen data breaches affecting healthcare institutions.
The latest addition to this list involves a US-based lab testing provider. Laboratory Services Cooperative (LSC) has released a statement confirming it suffered a data breach, during which hackers stole sensitive information belonging to approximately 1.6 million individuals from its systems.
What you need to know
In October 2024, LSC, a nonprofit providing lab testing services to reproductive health clinics like Planned Parenthood across over 31 US states, suffered a significant data breach. On October 27, a threat actor gained unauthorized access to LSC’s network, stealing sensitive personal and medical information belonging to approximately 1.6 million individuals, including patients and workers.
The breach was discovered the same day, but LSC notified affected individuals starting April 10, 2025, after completing a data review by February 2025, according to a notice shared by the nonprofit.
The stolen data varies by individual but may include a wide range of sensitive information. This includes personal details such as names, addresses, emails, phone numbers, Social Security numbers, driver’s license or state ID numbers, passport numbers, and dates of birth.
Medical information may also have been compromised, including dates of service, diagnoses, treatments, lab results, medical records, patient numbers, provider names, and treatment facility details. Plus, financial information such as billing details, bank account numbers, routing numbers, payment card details, and claim numbers may have been exposed. The breach could also involve insurance-related data, including health insurance plan types, insurer details, and member or group ID numbers.
200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH
The impact of the data breach
The LSC data breach affected individuals across multiple states, including over 1,800 Mainers, and involved select Planned Parenthood centers in regions like Alaska, Hawaii, Idaho, Indiana, Kentucky, Washington, and possibly Texas, Massachusetts, and California. The breach raises significant risks of identity theft, financial fraud, and misuse of medical information, such as opening fraudulent accounts or accessing healthcare services under stolen identities.
LSC is offering free credit monitoring and medical identity protection services for 12 or 24 months, depending on state requirements, with an enrollment deadline of July 14, 2025. A separate service is available for affected minors.
LSC is quoted on its website as saying,
“The security of information maintained by LSC remains a top priority. Following this incident, LSC implemented several measures to further enhance the security of its environment. These measures include conducting a new and updated risk analysis to stay vigilant against ongoing threats, performing additional vulnerability testing and penetration testing, and providing additional security training for employees.”
LSC has established a dedicated toll-free call center for individuals to call with additional questions or concerns relating to this incident. The call center can be reached at 1-855-549-2662, available Monday through Friday from 9:00 AM to 9:00 PM ET.
MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT
11 ways to protect yourself after the LSC data breach
If you think you were affected or just want to be cautious, here are 11 steps you can take right now to stay safe from the LSC data breach:
1) Watch out for phishing scams and use strong antivirus software: With access to your email, phone number, or even lab records, attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
2) Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the LSC breach, consider removing your information from public databases and people-search sites.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
3) Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the LSC breach, including Social Security numbers, insurance info, and even medical IDs. This makes you a prime target for identity theft. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity, and support if your identity is stolen.
One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.
Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.
See my full list of trusted identity theft protection services and expert tips to stay safe online.
4) Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus—they’ll notify the others. This adds another layer of protection without completely freezing access to credit.
5) Keep tabs on your medical records: The LSC breach included lab results, diagnoses, and treatment data, making medical identity theft a growing concern. Someone could use your info to get care or prescriptions under your name. Regularly review your medical records and insurance claims. If anything looks off, report it to your provider or insurer immediately.
6) Watch out for suspicious snail mail: After the LSC data breach, attackers may use your stolen information to send official-looking letters by post, posing as healthcare providers, insurers, or even government agencies. These letters might ask you to call a number, visit a website, or provide additional personal information. Just because it arrives in your mailbox doesn’t mean it’s trustworthy. Always verify the source by looking up contact details independently, and avoid responding directly to unsolicited mail asking for sensitive information.
7) Use multi-factor authentication (MFA): Enable MFA on all critical accounts like email, banking apps, and healthcare portals. Look in account settings under “security” or “login options” to activate it. MFA ensures that even if hackers have your password, they’ll need another verification method (like a text code) before accessing your account.
8) Monitor your credit reports: Check your credit reports regularly through AnnualCreditReport.com, where you can access free reports from each bureau once per year—or more frequently if you’re concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.
9) Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess, and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
10) Be wary of social engineering attacks: Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.
11) Secure your online accounts: Review security settings across all important accounts (email, especially). Update recovery options like backup emails or phone numbers—and log out devices you don’t recognize. Compromised accounts can lead hackers straight into other parts of your digital life.
By following these steps, you’ll be taking comprehensive action against potential threats stemming from the LSC data breach.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Kurt’s key takeaway
The LSC breach isn’t just another headline. It’s a serious reminder of how exposed we really are. When personal, medical, and financial information is stolen, the consequences are immediate and long-term. Identity theft, fraudulent transactions, and misuse of health data are all very real risks. If your information may have been affected, act now. Review your records, freeze your credit, and stay vigilant.
If hospitals and labs can’t protect patient data, should they be allowed to collect so much of it? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.