Hackers Breach Network of LabCorp, US' Biggest Blood Testing Laboratories

LabCorp, the US' biggest blood testing laboratories network, announced on Monday that hackers breached its IT network over the weekend.

"At this time, there is no evidence of unauthorized transfer or misuse of data," the company said. "LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation."

LabCorp shut down parts of its IT systems

LabCorp did not provide any details about the incident but said it shut down various portions of its systems to contain the intrusion.

"This temporarily affected test processing and customer access to test results on or over the weekend," the company said in an SEC 8-K form.

"Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days," LabCorp said.

A company spokesperson was not on hand to comment on the incident following an inquiry from Bleeping Computer. It is unclear if LabCorp has restored full service to its customer-facing systems that provide access to test results.

The healthcare org said the suspicious activity was detected only on its Diagnostics systems and did not affect other parts of its IT network, such as the systems used for drug testing (Covance Drug Development).

This could be a dangerous hack

But while the company is trying to play down the incident, the reality is that even the smallest hack affecting this organization has serious repercussions for millions of Americans.

"LabCorp is one of the largest diagnostic laboratories in the world, and, as you may not be aware, is a very critical part of U.S. healthcare infrastructure," Pravin Kothari, CEO of cybersecurity solution provider CipherCloud told Bleeping Computer today via email.

"They have hundreds of networked labs across the United States and all of them are likely interconnected centrally with LabCorp headquarters. This may be one of the largest healthcare networks in the world with connections to many thousands of physician offices, hospitals and their testing facility offices worldwide.

"LabCorp made the wise decision to shut down their entire network while determining the extent of the breach," Kothari added, suggesting that the hacker(s) could have very easily propagated through this interconnected network to reach other organizations.

Healthcare organizations are often the targets of hackers mainly due to the highly sensitive data they work with, which is worth more when crooks sell it online, rather than classic username-email-password combos.

UPDATE [July 19]: In a statement released on Thursday, LabCorp admitted that the hacker intrusion was a ransomware infection. Sources knowledgeable of the attack told Bleeping Computer hackers breached LabCorp's network using RDP brute-force attacks and installed the SamSam ransomware.