LabCorp, a healthcare diagnostics company, has shut down its systems after a suspected network breach, which could have put millions of health records at risk.
In a report to the United States Securities and Exchange Commission, the company announced that during the weekend of July 14 2018, it had detected suspicious activity on its IT network and immediately took specific systems offline. The company said that the suspicious activity has been detected only on LabCorp Diagnostics systems, and that "there was no indication that it affected systems used by Covance Drug Development."
LabCorp provides diagnostic, drug development and technology-enabled solutions for more than 115 million patients per year, according to its website. It typically processes tests on more than 2.5 million patient specimens per week and supports clinical trial activity in around 100 countries. It has over 1900 patient service centers in the US.
The filling itself does not go into detail as to which systems might have been affected, but concerns over patient data are justified. In August 2017, the NHS suffered a data breach where 1.2 million patient names were hacked, and another breach which resulted in 655,000 patient records from three hacked healthcare providers being sold.
According to Healthcare IT News, in June 2018 LabCorp successfully won a court battle over an alleged HIPAA violation and was accused of not providing enough privacy protection at its Providence Hospital computer intake system. LabCorp argued an individual can’t bring a lawsuit under HIPAA and filed a motion to dismiss. The judge agreed.
HIPAA has also published that there have been 2181 healthcare data breaches since 2009, the largest being Anthem Inc. which had 78.8 million records stolen from a database hack.
"We take it for granted that doctors and medical professionals will have complete access to our health profiles and background... however the very nature of this access, and the vast amount of information held within the healthcare industry, make it a prime and profitable target for criminals," wrote Suzanne Widup, senior analyst, Verizon Security, back in March 2018. "Knowing which security threats are out there, and what steps to take to proactively prevent security incidents is vital if personal healthcare information is to be kept safe."
While it has not been confirmed by LabCorp who is behind the suspected attack, Verizon's 2018 Protected Health Information Data Breach Report highlighted that healthcare was the only industry in which internal actors were the biggest threat to an organisation, driven by financial gain or looking up personal records of celebrities.