por
John R. Fischer, Senior Reporter | July 24, 2018
A new form of ransomware was
discovered within LabCorp's IT network
this month
A new form of ransomware was discovered this month in LabCorp’s information technology network, potentially placing the protected healthcare data of millions at risk.
Detecting suspicious activity the weekend of July 14-15, LabCorp personnel identified the security breach, taking particular systems offline to contain and remove it. The ransomware was found only on LabCorp Diagnostics systems but nonetheless, has temporarily affected some test processing and customer access to exam results.
“Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed, and we are working to restore additional systems and functions over the next several days,” LabCorp said in a statement to HCB News.
LabCorp is one of thousands of healthcare providers who have experienced breaches by ransomware and other forms of cyberattacks in the past few years, placing patient data at risk for exploitation and costing providers millions in damages.
More than 1.13 million patient records were
breached between January and March of this year, according to a report by Protenus Breach Barometer. From 2016 to 2017, revenue incurred from ransomware attacks
rose by 2000 percent over a period of 18 months from $250,000 to $6.4 million annually.
In response to its own incident, LabCorp contacted authorities and is now working with law enforcement and outside security experts as part of its investigation.
Though no misuse or theft of data has been found or reported at this time, the full impact of the breach may require weeks to determine, according to Bill Dixon, an associate managing director for the cyber risk practice of information consultancy firm Kroll.
“Use of this information, if it were to get in the wrong hands, may include multiple types of frauds such as tax, social security, and even using information that may be stored to open lines of credit,” he told HCB News. “In addition, depending on the data, privacy of the individual can be at risk, especially if the individual is a public figure such as politicians, celebrities, or business executives. Depending on the nature of the diagnostic, embarrassing information and even information critical to the health of the individual may be exposed.”
The nature of this data may include patient names, dates of birth, specific health information, results of diagnostic testing and other significant facts, according to Dixon.