LabCorp shuts down IT system after possible hack attack

Dive Brief:

LabCorp was forced to take parts of its IT system offline last weekend after it detected “suspicious activity” on the network, leading to delays in the transmission of results to customers.
The laboratory diagnostics giant is yet to detail the nature of the activity but based on the numbers of patients that use the provider an intruder on its network could access health data on millions of people.
LabCorp said it found no evidence that data was transferred or misused. Quest Diagnostics and LapCorp dominate the U.S. lab testing market, with LabCorp saying it processes tests for more than 2.5 million patient specimens per week.

Dive Insight:

Healthcare organizations hold information quite valuable to unscrupulous actors. Hackers can use patient data to perform medical billing fraud and identity theft, making it more valuable to them than other sources of personal information. Such scams drove early interest in black market health records. More recently, hackers have favored ransomware attacks. These hackers gain access to an individual’s data or whole IT systems and demand money to relinquish control.

Other healthcare organizations hold data potentially valuable to stock market traders and other businesses. If a hacker learns that a clinical trial will succeed or fail, they can bet on or against a company’s stock to ensure they profit from the knowledge. Equally, many organizations hold data that a rival could use to gain an unfair advantage.

The profitability of these scams has led people inside and outside healthcare organizations to try to steal data. In 2015, hackers accessed data on 78 million people covered by health insurer Anthem. The following year, an attack on Quest Diagnostics exposed data on 34,000 people. Last year, Merck was the victim of a ransomware attack that affected its manufacturing operations. In many cases, intrusions into IT systems go undetected for months, giving hackers ample time to gather data.

LabCorp is the latest company to be targeted by hackers. After detecting suspicious activity, LabCorp took its systems offline to try to contain the threat. That affected test processing and customer access to results. The disruption dragged on in the days that followed as LabCorp worked to restore its systems. LabCorp said the activity only affected its diagnostic unit, meaning the clinical trial data held by its contract research wing Covance should not have been compromised.

To date, LabCorp has found no evidence any records have been stolen or misused. However, there are reports from within LabCorp that the company feared the worst.

“The only reason for a nationwide shutdown would be in a scenario where there was suspicion of a data intrusion,” an anonymous insider told DailyMail.com. “LabCorp was hacked and the suspicion is they were pulling data but the full extent of what was accessed if anything isn't clear. The company acted swiftly to stop the intrusion, but the fear is the private medical information of millions of patients may have been accessed.”

Details of what, if anything, was accessed may emerge in the coming months. LabCorp is legally obligated to report breaches of more than 500 patients to HHS within 60 days.