Millions of patient health records may be at risk after LabCorp, one of the largest medical diagnostics companies in the United States, discovered that its systems had been breached during the weekend of July 14. After detecting suspicious activity on its network, it took immediate action to take parts of its system offline, LabCorp revealed in a filing with the Securities and Exchange Commission (SEC).
“This temporarily affected test processing and customer access to test results on or over the weekend,” LabCorp said in its SEC 8-K filing. “Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days. Some customers of LabCorp Diagnostics may experience brief delays in receiving results as we complete that process.”
Though LabCorp has not revealed any additional information about the breach or if its systems have been fully restored, the company stated that it has reported the attack to law enforcement officials. The FBI confirmed that it was notified of the breach, but did not provide additional details. “The FBI is aware of reports of a ransomware attack involving LabCorp’s network system,” the agency said in a statement to WFMY News 2. “We are monitoring the situation, but cannot comment on whether or not the FBI is involved in any investigation.”
Given that ransomware may have been involved, it appears that the attack may have been financially motivated, though it’s unclear if the attackers were successful in accessing health records, patient data, or any personal information. The disclosure earlier this year of a Florida Medicaid breach prompted the FBI to issue warnings that there is an increased risk of attacks to healthcare organizations, Fortune reported. Given the nature of the sensitive information available, health records may be worth more when sold on the dark web, and a Verizon Data Breach report revealed that 72 percent of all healthcare attacks were ransomware. In addition to attacks to steal patient data, attacks on healthcare equipment, likely as a form of espionage to steal trade secrets, are also on the rise.
The same Verizon report cautioned that internal actors are the biggest threats to healthcare organizations, though LabCorp has not identified who is responsible for its attack. “Often they are driven by financial gain, such as tax fraud or opening lines of credit with stolen information, fun or curiosity in looking up the personal records of celebrities or family members, or simply convenience,” the Verizon report stated.
LabCorp is downplaying the incident, noting that there is “no evidence of unauthorized transfer or misuse of data.” The medical lab processes more than 2.5 million tests each week and see more than 115 million patients annually, so there is a lot of information at stake.
