Doubtful network activity might be an indication of a breach at diagnostics company LabCorp

July 20, 2018


Clinical medical diagnostics business LabCorp took some of its systems off after doubtful network activity that might probably show a grave breach of confidential medical information.

The $10.2 billion Burlington, N.C.-situated healthcare firm unveiled in a Securities and Exchange Commission (SEC) filing this week that the strange activity was noticed during the weekend of July 14, but didn’t label the occurrence as a breach.

Nevertheless, an exclusive report filed on July 17 by the UK’s Daily Mail says that this was a hack. The article quotes an unknown insider with the firm who reportedly said, “The only cause for a countrywide shutdown would be in a situation where there was doubt of a data intrusion.”

Moreover, local Greensboro associate WMFY reported getting a statement from the FBI showing that ransomware might be involved. “The FBI is conscious of accounts of a ransomware attack involving LabCorp’s network system,” the declaration reportedly reads. “We are checking the situation, however, can’t comment on whether or not the FBI is involved in any inquiry.” LabCorp does admit in its 8K form filing that it is working with the appropriate authorities.

LabCorp also said that taking systems off was part of a “broad reaction to control the activity.” As a result, this mitigated action provisionally affected test handling and clients’ access to their test results. “Work has been ongoing to reestablish complete system functionality as swiftly as possible,” the statement carries on. “Testing jobs have significantly restarted today, and we expect that additional systems and functions will be reestablished through the next several days. Some clients of LabCorp Diagnostics might experience brief delays in getting results as we complete that process.”

The firm also claims in its filing that “there is no proof of illegal transfer or abuse of data,” adding that systems used by its subsidiary Covance Drug Development, a contract research business, were not impacted.

On its website, LabCorp says it “offers diagnostic, drug development and technology-enabled solutions for over 115 million patient encounters each year” and “usually processes tests on over 2.5 million patient samples each week.” With those type of numbers, the consequences of an illegal party possibly accessing even just a part of this patient information might be very serious.

“Medical records are highly trafficked on the dark web for scam, said Robert Capps, VP of business development at NuData Security, Inc.” Clients might find that fake healthcare facilities and diagnostics are frequently attached to their permanent healthcare record, and that coverage perimeters have been reached, which can result in undermined or delayed care.”

Consider that the single biggest part of any patient record is virtually always analytical tests,” said Pravin Kothari, CEO of CipherCloud. “LabCorp links electronically to a lot of physician electronic medical record/electronic healthcare record (EMR/EHR) systems to both take requests from doctors for patient testing and then to return the results. Results are at times stowed and transmitted using digital data, and other times using digital images of the test requests and test results.”

Kothari said that LabCorp “made the prudent decision” closing its network, but nevertheless must expect that it might have to pay the cost of a government-ordered HIPAA check.