LabCorp Hit by Ransomware But No Data Stolen

The strain of ransomware that was reportedly used in the attack on LabCorp can "effectively lock down a computer, encrypting all the files inside."
Matthew HellerJuly 20, 2018

LabCorp, one of the largest medical diagnostics companies in the United States, has disclosed it was hit by a ransomware attack, highlighting the vulnerability of health organizations to data breaches.

LabCorp first reported the breach on Monday, saying in a regulatory filing that it had detected suspicious activity on its IT network and had in response taken certain systems offline to limit any damage.

On Thursday, the company said the attack came in the form of ransomware but it had found “no evidence of theft or misuse of data.” LabCorp processes more than 2.5 million tests each week and sees more than 115 million patients annually.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

“As part of our in-depth and ongoing investigation into this incident, LabCorp has engaged outside security experts and is working with authorities, including law enforcement,” it stated.

LabCorp declined to say what variant of ransomware was used in the breach. But The Wall Street Journal identified the culprit as SamSam, the same strain that attacked the city of Atlanta’s IT network in March.

“SamSam will effectively lock down a computer, encrypting all the files inside, and then demand the victim pay up to free the system,” PCMag said.

The disclosure earlier this year of a Florida Medicaid breach prompted the FBI to issue warnings that there is an increased risk of attacks to healthcare organizations. “Given the nature of the sensitive information available, health records may be worth more when sold on the dark web, and a Verizon Data Breach report revealed that 72 percent of all healthcare attacks were ransomware,” Digital Trends said.

Forbes suggested LabCorp is a particularly inviting target for hackers since it “sits on countless gigabytes of irreplaceable patient data that could be locked away by ransomware. It also has very deep pockets. Hackers could be hoping that LabCorp would rather pay a few hundred thousand dollars to make the problem go away rather than spending millions on other measures.”

Remediation costs for even a relatively small ransomware outbreak can be steep. IBM has estimated the average cost for a business to be around $3.86 million in 2017.