LabCorp, one of the nation’s largest medical diagnostics companies, is investigating a security breach that may have put health records of millions of patients at risk.
In a filing with the Securities and Exchange Commission, the company says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.”
LabCorp says it has not yet uncovered any evidence of the unauthorized transfer or misuse of data it holds. The company added it has notified authorities and will cooperate in any investigation.
“This temporarily affected test processing and customer access to test results on or over the weekend,” the company said. “Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days. Some customers of LabCorp Diagnostics may experience brief delays in receiving results as we complete that process.”
Though the company insists there is 'no evidence of unauthorized transfer or misuse of data', a company insider claims it could be weeks before LabCorp's experts discover the extent of the breach and whether or not the hackers stole data from the network.
“The only reason for a nationwide shutdown would be in a scenario where there was suspicion of a data intrusion. LabCorp was hacked and the suspicion is they were pulling data but the full extent of what was accessed if anything isn't clear. The company acted swiftly to stop the intrusion, but the fear is the private medical information of millions of patients may have been accessed.” the company insider said.
The firm states it is required to notify patients of any data breach within 60 days after discovery of the breach.
LabCorp operates a large network of labs and patient centers nationwide performing routine and specialty diagnostic testing, including: blood work, urine analysis, and HIV tests.
According to its website, LabCorp services more than 115 million patient encounters annually, which potentially put all of those patient records at risk if they were located on the impacted network.
The firm's headquarters is in Burlington, North Carolina, and it operates the National Genetics Institute in Los Angeles, with a wider network of 36 primary labs across the country.
The breach follows a court battle over an alleged HIPAA violation that LabCorp ultimately won. The company was accused of not providing enough privacy protection at its Providence Hospital computer intake system. LabCorp argued an individual can’t bring a lawsuit under HIPAA and filed a motion to dismiss. The judge agreed.
This story is ongoing and will be updated as more information becomes available.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.