Data breach at LabCorp may affect millions
LabCorp announced that it detected suspicious activity on its network this past weekend. This suspected data breach have disrupted its ability to process medical tests. Patient access to testing results was also interrupted. In an SEC filing, LabCorp stated that it immediately took certain systems offline as part of its comprehensive response to contain the activity. Work has been ongoing to restore full system functionality, and while the testing capabilities are back online, other systems and functions may take a few days. Some customers of LabCorp Diagnostics may experience delays in receiving results as LabCorp complete that process. So far, no evidence of misuse of data has been found although investigation is ongoing.
LabCorp is a Fortune 500 company and is huge in healthcare, and is the country's largest processor of blood tests. It offers clinical laboratory and drug development services to managed care organizations, biopharmaceutical companies, governmental agencies, physicians and other healthcare providers. LabCorp employs 60,000 employees worldwide, and processes more than 115 million patient per year. The company tests more than 2.5 million patient specimens per week and supports clinical trial activity in 100 countries. The potential of a data breach could putmillions of people's sensitive personal information at risk.
The decision to shut down the entire LabCorp network while determining the extent of the breach was a smart move. The move stops possible information exfiltration, the destruction of patient data or a targeted ransomware attack. The single largest part of any patient record is almost always diagnostic tests. LabCorp connects electronically to many physician electronic medical record / electronic healthcare record systems to both receive requests from physicians for patient testing, and to return the results. These systems also still work and interconnect with facsimile machines present in physician offices. All of this presents an increased risk of cyberattacks propagating and moving through this expanded network. The complexity means that the attack surface is wide and could contain many points of vulnerabilities.
Health care networks remain under sustained attack by hackers who intentionally target health care networks for two reasons, to steal the medical records and to ransom critical data. Medical records are prime targets, as this data is highly prized to support identity theft and financial fraud. From a mix of medical devices, to internet of things devices and more, healthcare networks present a broad opportunity for hackers to find safe harbor from which to identify and steal patient data. The details to the nature and duration of the suspicious activity is still unclear. No information is currently available as to which systems were affected, whether patient information was compromised, the attack method and the impact of the hack. The state of affairs is likely to change going forward, given the size of LabCorp and the number of customers that may be affected.
Unfortunately, in a breach this large, it is expected that the department of Health and Human Services, Office of Civil Rights will request a HIPAA audit of LabCorp and possibly closely related business partners that may get caught up in the breach. LabCorp will have to pay for the cost, and risk, of any HIPAA audit and the continued cost and negative news as additional information comes to light.