Suspicious network activity could be symptom of breach at diagnostics firm LabCorp

News by Bradley Barth

Clinical medical diagnostics company LabCorp took some of its systems offline following suspicious network activity that could possibly indicate a serious breach of sensitive medical information.

The US$10.2 billion (£7.8 billion) Burlington, N.C.-based health care company disclosed in a Securities and Exchange Commission (SEC) filing this week that the unusual activity was detected during the weekend of 14 July, but did not label the incident as a breach.

However, an exclusive report filed on 17 July by the Daily Mail newspaper says that this was a hack. The article cites an anonymous insider with the company who reportedly said, "The only reason for a nationwide shutdown would be in a scenario where there was suspicion of a data intrusion."

Additionally, local Greensboro affiliate WMFY reported receiving a statement from the FBI indicating that ransomware might be involved. "The FBI is aware of reports of a ransomware attack involving LabCorp's network system," the statement reportedly reads. "We are monitoring the situation, but cannot comment on whether or not the FBI is involved in any investigation." LabCorp does acknowledge in its 8K form filing that it is working with the proper authorities.

LabCorp also said that taking systems offline was part of a "comprehensive response to contain the activity." As a consequence, this mitigative action temporarily affected test processing and customers' access to their test results. "Work has been ongoing to restore full system functionality as quickly as possible," the statement continues. "Testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days. Some customers of LabCorp Diagnostics may experience brief delays in receiving results as we complete that process."

The company also claims in its filing that "there is no evidence of unauthorised transfer or misuse of data," adding that systems used by its subsidiary Covance Drug Development, a contract research organisation, were not impacted.

On its website, LabCorp says it "provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year" and "typically processes tests on more than 2.5 million patient specimens per week." With those sorts of numbers, the ramifications of an unauthorised party possibly accessing even just a portion of this patient information could be very serious.

"Medical records are highly trafficked on the dark web for fraud," said Robert Capps, VP of business development at NuData Security, Inc. "Customers may find that fraudulent healthcare services and diagnostics are often attached to their permanent health care record, and that coverage limits have been reached, which can lead to compromised or delayed care."

"Consider that the single largest part of any patient record is almost always diagnostic tests," said Pravin Kothari, CEO of CipherCloud. "LabCorp connects electronically to many physician electronic medical record/electronic healthcare record (EMR/EHR) systems to both receive requests from physicians for patient testing, and then to return the results. Results are sometimes stored and sent using digital data, and other times using digital images of the test requests and test results."

Kothari said that LabCorp "made the wise decision" shutting down its network, but nevertheless should anticipate that it may have to weather the cost of a government-ordered HIPAA audit. 

The Daily Mail reports the LabCorp company insider said it could be weeks before the scope of the breach is known. Asked for further comment, LabCorp referred SC Media back to its SEC disclosure.
