
Suspicious network activity could be symptom of breach at diagnostics firm LabCorp

Clinical medical diagnostics company LabCorp took some of its systems offline following suspicious network activity that could possibly indicate a serious breach of sensitive medical information.

The $10.2 billion Burlington, N.C.-based health care company disclosed in a Securities and Exchange Commission (SEC) filing this week that the unusual activity was detected during the weekend of July 14, but did not label the incident as a breach.

However, an exclusive report filed on July 17 by the UK's Daily Mail says that this was a hack. The article cites an anonymous insider with the company who reportedly said, "The only reason for a nationwide shutdown would be in a scenario where there was suspicion of a data intrusion."

Additionally, local Greensboro affiliate WFMY reported receiving a statement from the FBI indicating that ransomware might be involved. "The FBI is aware of reports of a ransomware attack involving LabCorp's network system," the statement reportedly reads. "We are monitoring the situation, but cannot comment on whether or not the FBI is involved in any investigation." LabCorp does acknowledge in its Form 8-K filing that it is working with the proper authorities.

LabCorp also said that taking systems offline was part of a "comprehensive response to contain the activity." As a consequence, this mitigative action temporarily affected test processing and customers' access to their test results. "Work has been ongoing to restore full system functionality as quickly as possible," the statement continues. "Testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days. Some customers of LabCorp Diagnostics may experience brief delays in receiving results as we complete that process."

The company also claims in its filing that "there is no evidence of unauthorized transfer or misuse of data," adding that systems used by its subsidiary Covance Drug Development, a contract research organization, were not impacted.

On its website, LabCorp says it "provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year" and "typically processes tests on more than 2.5 million patient specimens per week." With those sorts of numbers, the ramifications of an unauthorized party possibly accessing even just a portion of this patient information could be very serious.

"Medical records are highly trafficked on the dark web for fraud," said Robert Capps, VP of business development at NuData Security, Inc. "Customers may find that fraudulent healthcare services and diagnostics are often attached to their permanent health care record, and that coverage limits have been reached, which can lead to compromised or delayed care."

"Consider that the single largest part of any patient record is almost always diagnostic tests," said Pravin Kothari, CEO of CipherCloud. "LabCorp connects electronically to many physician electronic medical record/electronic healthcare record (EMR/EHR) systems to both receive requests from physicians for patient testing, and then to return the results. Results are sometimes stored and sent using digital data, and other times using digital images of the test requests and test results."

Kothari said that LabCorp "made the wise decision" in shutting down its network, but nevertheless should anticipate that it may have to weather the cost of a government-ordered HIPAA audit.

The Daily Mail reports the LabCorp company insider said it could be weeks before the scope of the breach is known. Asked for further comment, LabCorp referred SC Media back to its SEC disclosure.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
