LabCorp, one of the largest clinical laboratories in the United States, has experienced a cyberattack that may have given hackers access to patients’ confidential information; however, data theft appears unlikely because the incident has now been confirmed as a ransomware attack. It has been suggested that a variant of SamSam ransomware was used in a brute-force RDP attack, although LabCorp has not confirmed this.
The Burlington, NC-based company operates 36 primary testing laboratories across the United States and the Los Angeles National Genetics Institute. The firm performs routine blood and urine tests, HIV tests and specialty diagnostic testing services, and stores large quantities of highly confidential data.
The cyberattack occurred over the weekend of July 14, 2018, when suspicious system activity was detected by LabCorp’s intrusion detection system within 50 minutes of the attack starting. Swift action was taken to cut off access to its servers, and systems were taken offline to contain the attack.
Taking its systems offline has affected test processing, and customers have been prevented from accessing their test results online. LabCorp expects some of its systems to remain offline for several days while efforts continue to restore system functionality and those systems are fully checked. Delays in processing lab test results are expected to continue until its systems are fully restored, and patients may continue to experience delays receiving their test results.
The investigation into the breach is still in its early stages, and it has yet to be confirmed whether the hackers behind the attack succeeded in gaining access to patients’ medical information. So far, no evidence has been found to indicate any patient information was transferred outside its system.
LabCorp is involved in numerous drug development programs, although the attack is believed to be limited to LabCorp’s Diagnostics systems. The systems used by Covance Drug Development are not believed to have been affected.
The cyberattack has been reported to the Securities and Exchange Commission (SEC), and other relevant authorities have also been notified.
Once the nature of the breach has been determined and the possibility of unauthorized access to patient data has been established, patients will be notified if appropriate.
LabCorp followed standard breach procedure to contain the attack, prevent data exfiltration and limit harm, and the shutdown of its systems is no indication that patient data has been accessed. Nevertheless, the UK’s Daily Mail newspaper claims to have made contact with a company insider who said the hackers possibly had access to the medical files of millions of patients.