News & Comment: LabCorp hacked? Investigation under way

Attention Required! | Cloudflare

NEWS: From Databreaches.net

Ryan Parry reports:

Hackers breached the network of one of the largest clinical laboratories in America sparking fears of a major cyber security breach, DailyMail.com can reveal.

According to a company insider senior managers were informed that the entire computer network of LabCorp, a Fortune 500 company, was shut down across the US Sunday morning after hackers tried to access the private medical records of millions of people.

COMMENT:

Pravin Kothari

“The LabCorp data breach is yet another heavy blow in the continued assault on healthcare. Consider that LabCorp is one of the largest diagnostic laboratories in the world, and, as you may not be aware, is a very critical part of U.S. healthcare infrastructure. They have hundreds of networked labs across the United States and all of them are likely interconnected centrally with LabCorp headquarters. This may be one of the largest healthcare networks in the world with connections to many thousands of physician offices, hospitals and their testing facility offices worldwide.

LabCorp made the wise decision to shut down their entire network while determining the extent of the breach. Taking this preventive action may be warranted especially if they are shutting down to stop the propagation of a  targeted ransomware attack and the possible destruction of patient laboratory data.

Consider that the single largest part of any patient record is almost always diagnostic tests. LabCorp connects electronically to many physician electronic medical record/electronic healthcare record (EMR/EHR) systems to both receive requests from physicians for patient testing, and then to return the results. Results are sometimes stored and sent using digital data, and other times using digital images of the test requests and test results. These systems also still work and interconnect with facsimile machines present in physician offices. As mentioned earlier, LabCorp also has connections to most of the hospitals and other clinics in the United States. All of this presents, at some point, perhaps an increased risk of cyberattacks propagating and moving through this expanded ecosystem.

LabCorp no doubt has reviewed and likely beefed up their cybersecurity and HIPAA compliance processes given their recent experiences with HIPAA related litigation. Unfortunately, in a potential breach this large, it is almost de rigueur for the department of Health and Human Services, Office of Civil Rights (HHS/OCR) to request a HIPAA audit of LabCorp and possibly closely related business partners that may get caught up in the breach. LabCorp will have to weather the cost, and risk, of any HIPAA audit and the continued cost and negative news as the saga unfolds.”

Pravin Kothari, CEO of cybersecurity solution provider CipherCloud

Photo Credit: Sky Noir Flickr via Compfightcc