Ransomware Attack Strikes Medical Testing Giant LabCorp

Attorney General Indicts Russian Spies - LIFARS newsletter provided weekly insight into incident response, digital forensics, and ransomware attacks

Medical-testing giant Laboratory Corp. of America is reportedly dealing with a cyberattack, making it the latest firm holding sensitive customer information to be disrupted by ransomware.

Without disclosing the nature or extent of the ransomware attack, LabCorp is reportedly dealing with suspicious activity that has struck the company’s genetic-testing units, the Wall Street Journal reports.

LabCorp processes millions of diagnostic tests each week and is among the world’s largest domestic commercial lab-testing companies while maintaining a database containing health information on roughly half the U.S. population.

In a securities filing on Monday, the firm said it had detected “suspicious activity” that it claims was confined to its diagnostic network while insisting that its drug-development arm Covance hadn’t been affected. Citing sources, the report reveals the company is believed to be struck down by SamSam. The variant of ransomware has affected tens of thousands of LabCorp servers, workstations and devices.

The company added it had taken some portions of its network offline which has temporarily slowed down test processing processes with delays to customer access to test results.

Hackers demanded $6,000 in bitcoin for each compromised machine or $52,500 to unlock all encrypted devices, according to an information disclosure. LabCorp plans to replace all affected devices, the report added, with the company having no intention to meet any ransomware demands.

The company told employees in an internal note that it wasn’t proactively notifying customers of the breach but “working to respond to specific customer inquiries” instead.

LabCorp told employees:

We believe that our efforts to quickly contain the ransomware and restore key system functions will limit potential impacts for customers.

Image credit: Pexels.