
New form of ransomware found in LabCorp Diagnostics systems

July 24, 2018
by John R. Fischer, Senior Reporter

A new form of ransomware was discovered this month in LabCorp’s information technology network, potentially placing the protected healthcare data of millions at risk.

Detecting suspicious activity the weekend of July 14-15, LabCorp personnel identified the security breach, taking particular systems offline to contain and remove it. The ransomware was found only on LabCorp Diagnostics systems but has nonetheless temporarily affected some test processing and customer access to exam results.

“Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed, and we are working to restore additional systems and functions over the next several days,” LabCorp said in a statement to HCB News.

LabCorp is one of thousands of healthcare providers who have experienced breaches by ransomware and other forms of cyberattacks in the past few years, placing patient data at risk for exploitation and costing providers millions in damages.

More than 1.13 million patient records were breached between January and March of this year, according to a report by Protenus Breach Barometer. From 2016 to 2017, revenue from ransomware attacks rose by 2000 percent over a period of 18 months, from $250,000 to $6.4 million annually.

In response to its own incident, LabCorp contacted authorities and is now working with law enforcement and outside security experts as part of its investigation.

Though no misuse or theft of data has been found or reported at this time, the full impact of the breach may require weeks to determine, according to Bill Dixon, an associate managing director for the cyber risk practice of information consultancy firm Kroll.

“Use of this information, if it were to get in the wrong hands, may include multiple types of frauds such as tax, social security, and even using information that may be stored to open lines of credit,” he told HCB News. “In addition, depending on the data, privacy of the individual can be at risk, especially if the individual is a public figure such as politicians, celebrities, or business executives. Depending on the nature of the diagnostic, embarrassing information and even information critical to the health of the individual may be exposed.”

The nature of this data may include patient names, dates of birth, specific health information, results of diagnostic testing and other significant facts, according to Dixon.

To mitigate the impact of these incidents, he advises providers to have an incident response plan in place with different departments and divisions educated on how to engage other parts of their organization to contain attacks and limit the exposure and damage they cause.

Other tactics to consider include strict monitoring of what goes in and out of a network, or deployment of a third-party incident response team to enhance the security of a company’s information resources and databases, as ways of ensuring organizations are doing all they can to identify any issues, eliminate threats and minimize impacts to data.

“In instances like this it is very important to understand if anything is leaving their environment; once information leaves, it is no longer under their control and whoever has that information can do with as they would like,” said Dixon. “It could even end up for sale in dark web markets.”

Ransomware was only detected on LabCorp Diagnostics systems and did not affect Covance Drug Development systems.

The investigation is ongoing.