With dozens of locations across the United States, LabCorp is one of the world's largest clinical laboratory testing groups. It also became the latest entry on the list of U.S. healthcare industry players to be impacted by a data breach.
Over the weekend LabCorp announced that it was investigating unauthorized activity on its network. According to a company statement, there is "no evidence of unauthorized transfer or misuse of data." Given the highly-sensitive nature of the personal information LabCorp handles on a daily basis, that would be a best-case scenario.
Few details about the incident have been shared so far. When the suspicious activity was detected, LabCorp responded by shutting down portions of its network. Systems linked to test processing and customer access were temporarily taken offline. LabCorp believes that the malicious activity did not spread beyond its diagnostic equipment.
At this stage of the investigation it appears that the LabCorp attack may have followed a familiar pattern. On Tuesday an FBI spokesperson confirmed that the Bureau is aware of a "possible ransomware attack involving LabCorp’s network system."
That shouldn't come as a surprise. Cybercriminals have been launching sustained spearphishing attacks on organizations like LabCorp for years in the hopes of spreading ransomware. Such companies are particularly enticing targets because of the value -- and amount -- of data that they store. LabCorp's multi-billion-dollar revenues only add to its appeal.
LabCorp sits on countless gigabytes of irreplaceable patient data that could be locked away by ransomware. It also has very deep pockets. Hackers could be hoping that LabCorp would rather pay a few hundred thousand dollars to make the problem go away rather than spending millions on other measures.
Remediation costs for even a relatively small ransomware outbreak can quickly climb into the millions. IBM pinned the average cost for a business to be around $3.86 million in 2017 -- and that figure will likely climb this year.
