LabCorp Attacked with Ransomware But PHI Access Still Not Confirmed

LabCorp, a major network of clinical laboratories in the U.S., experienced a cyberattack that potentially allowed hackers to access the protected health information (PHI) of patients. The attack, which has now been confirmed as a brute force RDP ransomware attack, prompted the shutdown of its systems while an investigation was conducted.

LabCorp, which is based in Burlington, NC, operates the Los Angeles National Genetics Institute and 36 primary testing laboratories all over the United States. Tests performed by the company include standard blood tests, urine tests, HIV tests and other specialty diagnostic tests. Because LabCorp offers many services, the company stores a significant amount of sensitive data.

The cyberattack happened on July 14, 2018, and within 50 minutes of the attack LabCorp’s security system was able to identify the suspicious activity. To mitigate the attack, access to the servers was promptly terminated and the systems were disconnected from the Internet.

Because systems are offline, lab test result processing has been delayed and customers have been prevented from accessing test results online. This situation will probably continue for several days as LabCorp’s IT team works on the restoration and testing of its systems.

The investigation has only just commenced, so it has yet to be confirmed whether the hackers accessed or copied patients’ health data, although at this stage no evidence has been uncovered to suggest any data was downloaded from its systems. LabCorp works on a number of drug development programs, although these were not affected by the data breach. Only LabCorp’s Diagnostic system was affected by the attack.

LabCorp has already reported the cyberattack to the Securities and Exchange Commission and other authorities. Patient notifications will follow if it is established that there is a reasonable chance that patient health information was accessed. While an alleged internal source told the Daily Mail in the UK that the attackers potentially had access to millions of patients’ medical records, that has not been officially confirmed.