LabCorp Investigating Possible Data Breach

LabCorp, one of the world’s largest clinical testing laboratories, has experienced a cyberattack that has potentially resulted in the health data of millions of patients being accessed by hackers.

The cyberattack was detected over the weekend of July 14, when unusual activity was detected on its Diagnostics systems. The IT security team took prompt action and started shutting down systems to contain the attack. Some of those systems are still offline as efforts continue to investigate the breach, determine its scope, and discover whether access to health data was gained by the attackers.

LabCorp operates 36 testing facilities throughout the United States, runs the National Genetics Institute in Los Angeles, and heads up drug development programs, and supports clinical trials in 100 countries. The company stores a considerable volume of patient data including personal information and test results. LabCorp processes the test results of more than 2.5 million patients every week and tallies 115 million patient encounters each year. If access to data was obtained, this could be one of the most serious breaches of 2018 to date.

At this stage it is unclear if, and how many, patients have been impacted. According to a statement released by LabCorp, the cyberattack involved a previously unknown ransomware variant. Ransomware typically encrypts files, but does not involve data exfiltration.

LabCorp reacted promptly to the attack and implemented its emergency protocols to limit the potential for harm and data theft. The Securities and Exchange Commission (SEC) has already been notified about the breach although, at the time of writing, no notice has been published on its corporate website.

In its SEC filing, the company explained that certain systems had been shut down to contain the attack. “This temporarily affected test processing and customer access to test results on or over the weekend. Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days.”

At this stage, no evidence has been uncovered to suggest any patient data or other sensitive information has been transferred from its servers, and neither have there been any reports of data misuse. Law enforcement has been notified about the attack and other appropriate authorities have been informed.

LabCorp said the suspicious activity was detected on LabCorp Diagnostics systems, and not any systems used by Covance Drug Development.

Should patient data access be suspected, LabCorp will issue notifications to affected individuals as per HIPAA Rules.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of