Healthcare data breaches are common for two main reasons. Healthcare organizations are easy targets due to poor cybersecurity practices, and the data they store is extremely valuable. Bad actors can often demand and receive whatever ransom they want for the stolen information.Â
In 2025 alone, there have already been half a dozen data breaches affecting healthcare institutions.Â
The latest addition to this list involves a U.S.-based lab testing provider. Laboratory Services Cooperative (LSC) has released a statement confirming it suffered a data breach in which hackers stole sensitive information belonging to approximately 1.6 million individuals from its systems.
A doctor looking at data on his smartphone (Kurt “CyberGuy” Knutsson)
What you need to know
In October 2024, LSC, a nonprofit providing lab testing services to reproductive health clinics like Planned Parenthood across 31 U.S. states, was hit with a significant data breach. On Oct. 27, a threat actor gained unauthorized access to LSC’s network, stealing sensitive personal and medical information belonging to approximately 1.6 million individuals, including patients and workers.Â
The breach was discovered the same day, but LSC notified affected individuals starting April 10, 2025, after completing a data review by February 2025, according to a notice shared by the nonprofit.Â
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
The stolen data varies by individual but may include a wide range of sensitive information. This includes personal details such as names, addresses, emails, phone numbers, Social Security numbers, driver’s license or state ID numbers, passport numbers and dates of birth.Â
Medical information may also have been compromised, including dates of service, diagnoses, treatments, lab results, medical records, patient numbers, provider names and treatment facility details. Plus, financial information such as billing details, bank account numbers, routing numbers, payment card details and claim numbers may have been exposed. The breach could also involve insurance-related data, including health insurance plan types, insurer details and member or group ID numbers.
A healthcare employee working on her laptop (Kurt “CyberGuy” Knutsson)
200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH
The impact of the data breach
The LSC data breach affected individuals across multiple states, including more than 1,800 Mainers, and involved select Planned Parenthood centers in regions like Alaska, Hawaii, Idaho, Indiana, Kentucky, Washington and possibly Texas, Massachusetts and California. The breach raises significant risks of identity theft, financial fraud and misuse of medical information, such as opening fraudulent accounts or accessing healthcare services under stolen identities.
LSC is offering free credit monitoring and medical identity protection services for 12 or 24 months, depending on state requirements, with an enrollment deadline of July 14, 2025. A separate service is available for affected minors.
The nonprofit said on its website, “The security of information maintained by LSC remains a top priority. Following this incident, LSC implemented several measures to further enhance the security of its environment. These measures include conducting a new and updated risk analysis to stay vigilant against ongoing threats, performing additional vulnerability testing and penetration testing, and providing additional security training for employees.”
LSC has established a dedicated toll-free call center for individuals to call with additional questions or concerns relating to this incident. The call center can be reached at 1-855-549-2662, available Monday through Friday from 9 a.m. to 9 p.m. ET.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
A hacker at work (Kurt “CyberGuy” Knutsson)
MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT
11 ways to protect yourself after the LSC data breach
If you think you were affected or just want to be cautious, here are 11 steps you can take right now to stay safe from the LSC data breach.
1. Watch out for phishing scams and use strong antivirus software: With access to your email, phone number or even lab records, attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the LSC breach, consider removing your information from public databases and people-search sites. Check out my top picks for data removal services here.
3. Safeguard against identity theft and use identity theft protection:Â Hackers now have access to high-value information from the LSC breach, including Social Security numbers, insurance info and even medical IDs. This makes you a prime target for identity theft. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. See my tips and best picks on how to protect yourself from identity theft.
4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they’ll notify the others. This adds another layer of protection without completely freezing access to credit.
5. Keep tabs on your medical records:Â The LSC breach included lab results, diagnoses and treatment data, making medical identity theft a growing concern. Someone could use your info to get care or prescriptions under your name. Regularly review your medical records and insurance claims. If anything looks off, report it to your provider or insurer immediately.Â
6. Watch out for suspicious snail mail: After the LSC data breach, attackers may use your stolen information to send official-looking letters by post, posing as healthcare providers, insurers or even government agencies. These letters might ask you to call a number, visit a website or provide additional personal information. Just because it arrives in your mailbox doesn’t mean it’s trustworthy. Always verify the source by looking up contact details independently and avoid responding directly to unsolicited mail asking for sensitive information.
7. Use multifactor authentication (MFA): Enable MFA on all critical accounts like email, banking apps and healthcare portals. Look in account settings under “security” or “login options” to activate it. MFA ensures that even if hackers have your password, they’ll need another verification method (like a text code) before accessing your account.
8. Monitor your credit reports: Check your credit reports regularly through AnnualCreditReport.com, where you can access free reports from each bureau once per year, or more frequently if you’re concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.
9. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security. Get more details about my best expert-reviewed password managers of 2025 here.
10. Be wary of social engineering attacks: Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.
11. Secure your online accounts: Review security settings across all important accounts (email, especially). Update recovery options like backup emails or phone numbers and log out of devices you don’t recognize. Compromised accounts can lead hackers straight into other parts of your digital life.
By following these steps, you’ll be taking comprehensive action against potential threats stemming from the LSC data breach.Â
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Kurt’s key takeaway
The LSC breach isn’t just another headline. It’s a serious reminder of how exposed we really are. When personal, medical and financial information is stolen, the consequences are immediate and long term. Identity theft, fraudulent transactions and misuse of health data are all very real risks. If your information may have been affected, act now. Review your records, freeze your credit and be vigilant.
If hospitals and labs can’t protect patient data, should they be allowed to collect so much of it? Let us know by writing us at Cyberguy.com/Contact.
CLICK HERE TO GET THE FOX NEWS APP
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
