LabCorp goes down after network breach, putting millions of patient records at risk

Hackers breached one of the largest clinical laboratories over the weekend, forcing a shutdown of the network to contain the cyberattack.
By Jessica Davis
11:52 AM
Share
Hackers breached one of the largest clinical laboratories in US in July.

North Carolina-based LabCorp Diagnostics, one of the largest clinical laboratories in the U.S., was forced to shut down its network on Sunday after officials detected suspicious activity, according to a recent U.S. Securities and Exchange Commission filing.

Over the weekend of July 14, hackers got into LabCorp’s network. Officials immediately took certain systems offline as part of its breach response policy to contain the hack. As a result, test processing and customer access to test results was temporarily impacted.

According to its site, LabCorp services more than 115 million patient encounters annually, which potentially put all of those patient records at risk if they were located on the impacted network. LabCorp did not respond to a request for comment.

[UPDATE: LabCorp still recovering from ransomware, won't say if it's SamSam]

Officials have continued to restore full system functionality, with test result services “substantially resuming” on Monday. Additional systems and functions will be restored over the next few days.

“Some customers of LabCorp Diagnostics may experience brief delays in receiving results as we complete that process,” officials said.

The suspicious activity was only detected on LabCorp systems not Covance Drug Development, which the company bought for $6.1 billion in 2014. The company has also notified relevant authorities of the cyberattack.

[Also: The biggest healthcare data breaches of 2018 (so far)]

In June, LabCorp successfully won its court battle over an alleged HIPAA violation. The company was accused of not providing enough privacy protection at its Providence Hospital computer intake system. LabCorp argued an individual can’t bring a lawsuit under HIPAA and filed a motion to dismiss. The judge agreed.

 

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com