Ransomware Attack on LabCorp Leads to System Shutdown and Inaccessible Lab Test Results Online


LabCorp is a clinical laboratory in the United States that had encountered a cyberattack allowing hackers to possibly view or copy the protected health information (PHI) of patients; however it was affirmed later on that it wasn’t a cyberattack instead a ransomware attack hence data theft isn’t the likely intent of the attacker. The attack was a brute force RDP attack employing a SamSam ransomware variant.

LabCorp, which is headquartered Burlington, NC, manages the Los Angeles National Genetics Institute as well as 36 primary testing labs across the United States. A few of the tests conducted by the firm are standard blood tests, HIV tests, urine tests and other specialised diagnostic tests. Since LabCorp provides numerous services the firm maintains a large amount of highly sensitive information.

The cyberattack transpired on July 14, 2018 and after around 50 minutes of the episode LabCorp’s intrusion system had identified the dubious activity. To minimize the impact of the attack, connection to the the servers was immediately stopped and the systems were not accessible via the internet.

Since the systems were not online, laboratory test processing was delayed and clients cannot access the lab test results on the web. This circumstance will likely keep on for a number of days as LabCorp’s IT staff took care of restoring and testing the systems.

The investigation only commenced and there is no affirmation yet whether the hackers viewed the patients’ medical data. Until now, no information was received that could establish the transfer of patient data out of the system.

LabCorp is involved in several drug development programs such as the Covance Drug Development. Nevertheless the data related to this wasn’t affected. Just the LabCorp’s Diagnostic system had been impacted by the ransomware attack.

LabCorp already submitted the report on the cyberattack to the Securities and Exchange Commission (SEC) and other pertinent government bodies. Patients will be notified shortly, if required, after the results of investigation has validated the nature of the breach and if patient information was accessed by unauthorized persons.

All breach protocol was observed by LabCorp which aided in managing the attack, avoiding data extraction and minimizing the damage. Yet, a source from within the company said that the attackers had accessed a huge number of patients’ health records.