Share this article on:
LabCorp, one of the largest clinical laboratories in the United States, has experienced a cyberattack that has potentially resulted in hackers gaining access to patients’ sensitive information; however, data theft appears unlikely as the cyberattack has now been confirmed as being a ransomware attack. It has been suggested that variant of SamSam ransomware was used in the brute force RDP attack, although this has not been confirmed by LabCorp.
The Burlington, NC-based company runs 36 primary testing laboratories throughout the United States and the Los Angeles National Genetics Institute. The company performs standard blood and urine tests, HIV tests and specialty diagnostic testing services and holds vast quantities of highly sensitive data.
The cyberattack occurred over the weekend of July 14, 2018 when suspicious system activity was identified by LabCorp’s intrusion detection system within 50 minutes of the attack commencing. Prompt action was taken to terminate access to its servers and systems were taken offline to contain the attack.
With its systems offline, this naturally affected test processing and customers have been prevented from accessing their test results online. LabCorp expects some of its systems to remain offline for several days while efforts continue to restore system functionality and those systems are fully tested. Delays in processing lab test results are expected to continue to be experienced until its systems are fully restored and patients may continue to experience delays receiving their test results.
The investigation into the breach is still in the early stages and it has yet to be confirmed whether the hackers behind the attack managed to gain access to patients’ medical information. So far, no evidence has been uncovered to suggest any patient information was transferred outside its system.
LabCorp is involved in several drug development programs, although the attack is believed to be limited to LabCorp’s Diagnostics systems. The systems used by Covance Drug Development are not believed to have been affected.
The cyberattack has been reported to the Securities and Exchange Commission (SEC) and other relevant authorities have also been notified.
Once the nature of the breach has been established and the likelihood of unauthorized access to patient data has been determined, patient will be notified if appropriate.
LabCorp followed standard breach protocol to contain the attack and prevent data exfiltration and limit harm, and the shutting down of its systems is no indication that patient data has been accessed. However, the UL’s the Daily Mail newspaper claims to have contacted a company insider who said the hackers potentially had access to the medical records of millions of patients.