Health Records Breach Could Jeopardize Millions of Patients’ Data

Burlington, N.C.-based LabCorp, one of the U.S.’s largest medical diagnostics firms, is investigating a security breach that could have endangered the health records of millions of patients.

The FBI said it was aware of reports of a ransomware occurrence involving LabCorp’s network system and are monitoring the situation.

LabCorp neither provided more details about the breach nor confirm any specifics, but according to a filing with the Securities and Exchange Commission dated July 16, the company said it detected ‘suspicious activity’ on its information technology network. The document identified the discovery of the breach as July 14 when some customers experienced delays around that date and the next day.

“LabCorp immediately took certain systems offline as part of its comprehensive response to contain the activity. This temporarily affected test processing and customer access to test results on or over the weekend. Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days.”

The breach elevated fears that millions of patients’ health records could be at risk. According to its website, LabCorp has more than 115 million patient interactions annually and processes more than 2.5 million patient tests weekly. Of note, healthcare facilities also handle payment information, and LabCorp also offers electronic bill pay on its website.

LabCorp said, “At this time, there is no evidence of unauthorized transfer or misuse of data. it has not yet discovered any evidence of the unauthorized transfer or misuse of data.” The company added it notified authorities and will cooperate in any investigation.

Pravin Kothari, CEO of San Jose, Calif.-based cybersecurity solution provider CipherCloud, said, “The LabCorp data breach is yet another heavy blow in the continued assault on healthcare. Consider that LabCorp is one of the largest diagnostic laboratories in the world and is a very critical part of U.S. healthcare infrastructure.” Kothari added, they have hundreds of networked labs across the United States likely interconnected centrally with LabCorp headquarters.

Kothari stated LabCorp made the wise decision to shut down their entire network while determining the extent of the breach. “Taking this preventive action may be warranted especially if they are shutting down to stop the propagation of a targeted ransomware attack and the possible destruction of patient laboratory data.”

Another consideration, Kothari suggested, is the single largest part of any patient record is almost always diagnostic tests. LabCorp connects electronically to many physician electronic medical record/electronic healthcare record systems to both receive requests from physicians for patient testing, and then to return the results, which sometimes remain stored and sent using digital data, and other times using digital images of the test requests and test results. “These systems also still work and interconnect with facsimile machines present in physician offices.”

Tal Guest, Principal Product Manager at Atlanta-based cybersecurity firm Bomgar, said, “Healthcare organizations are going to be desirable targets for hackers because of the large amounts of sensitive personal data collected about thousands or even millions of people. They must take extra precautions when handling PII to protect patients and meeting compliance mandates such as HIPAA.” Guest added managing access to this data and other systems on the network is the number one thing that healthcare organizations can do quickly to reduce the risk and increase security. “A strong firewall perimeter is important, but like a physical wall, it has doors.” Guest rec Privileged access management monitors who’s going in and out of those doors, and password vaults keep the keys needed for those doors more secure.”

Leon Lerman, CEO of TEL AVIV, Israel-based healthcare cybersecurity specialists Cynerio said, “Hospitals will continue to be a prime target for hackers due to the high value on the black market of PHI and medical data, and the relatively lax security posture which most hospitals have. As hospitals are getting more and more connected to provide better patient care, cyberbreaches now pose an even bigger risk than just PHI exposure—they can cause service disruption and potentially compromise patient safety.”