Ransomware Gangs Attack Clinical and Pathology Laboratories
Ransomware groups have conducted several attacks on medical laboratories in recent months. These attacks can cause significant disruption to testing services, resulting in diagnosis and treatment delays. The June 2024 ransomware attack on Synnovis, a UK-based pathology lab serving National Health Service Trusts, caused massive disruption to testing and blood services in southeast London for several months, resulting in prolonged blood shortages. The attack cost an estimated £32.7 million ($38.18 million) last year.
In May 2025, Marlboro-Chesterfield Pathology in North Carolina and Molecular Testing Labs (CareNexa) in Washington reported hacking incidents and data breaches, the latter via one of its business associates. They have now been joined by a pathology lab in Kansas, a diagnostic lab in New York, and a life science testing lab in California.
WPM Pathology Laboratory, Chartered, in Kansas has recently started notifying 5,694 patients about a November 2024 ransomware attack. Unauthorized network access was detected on November 4, 2024, and third-party cybersecurity professionals were engaged to help contain the threat and secure the network. On February 21, 2025, WPM Pathology determined that a threat actor potentially accessed files containing patients’ protected health information, including names, dates of birth, diagnoses, medical record numbers, health insurance claims information, and Social Security numbers.
Notification letters started to be sent to the affected individuals on April 17, 2025, and the breach was reported to the HHS’ Office for Civil Rights in May; however, the substitute breach notice has only recently been published. While ransomware was not mentioned in the breach notification letters, this appears to have been an attack by the Fog ransomware group.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The ransomware group behind the hugely disruptive attack on Synnovis has attacked another laboratory, Accu Reference Medical Lab in New York. Qilin added Accu Reference Medical Lab to its data leak site on July 10, 2025, and claims to have exfiltrated sensitive data. The group uploaded 12 screenshots as evidence, some of which contained patient information, including clinical testing results. Accu Reference Medical Lab has yet to confirm the attack and data breach. This is not the first time Accu Reference Medical Lab has suffered a ransomware attack. In 2023, Accu Reference Medical Lab fell victim to an attack by the Medusa ransomware group, which leaked the stolen data when the ransom was not paid.
Pacific Biolabs, a Hercules, CA-based life science testing company that provides GMP/GLP laboratory testing services to support the medical device, pharmaceutical, and biotechnology industries, appears to be a victim of a ransomware attack by the Cicada3301 ransomware-as-a-service (RaaS) group. Cicada3301 claims to have exfiltrated 900 GB of data in the attack, which is thought to have occurred on or around July 10, 2025. The attack has yet to be confirmed by Pacific Biolabs.
