Cyber Incident Victim: LabCorp

Date: Jul 2018

Location: United States of America

Summary

A major US blood testing laboratory experienced a network breach involving ransomware deployed via RDP brute-force attacks, prompting the shutdown of affected systems to contain the intrusion. The incident disrupted diagnostic test processing and temporarily restricted customer access to results, though operations were largely restored within days. While the company found no evidence of data compromise or misuse, the breach specifically impacted its Diagnostics division without affecting other segments like drug testing operations. The intrusion underscored broader vulnerabilities in interconnected healthcare infrastructure, given the organization's extensive network linking numerous labs and medical facilities nationwide.


Description

On July 18, 2018, LabCorp disclosed a cybersecurity breach affecting its IT network, detected over the weekend of July 14-15. The company, one of the largest diagnostic laboratory networks in the United States, stated the intrusion occurred on its Diagnostics systems but did not impact other divisions like Covance Drug Development. LabCorp immediately implemented containment measures by shutting down portions of its infrastructure, which temporarily disrupted test processing and blocked customer access to results. The company filed an SEC 8-K form confirming these operational interruptions while emphasizing no evidence of unauthorized data transfer or misuse. Restoration efforts began promptly, with testing operations substantially resuming by July 18 and remaining systems expected to return gradually over subsequent days. LabCorp notified relevant authorities but did not initially disclose technical details about the attack vector or scope.

Further investigation revealed the incident involved a SamSam ransomware infection deployed through brute-force attacks targeting Remote Desktop Protocol (RDP) access points. Sources familiar with the attack confirmed this methodology to media outlets by July 19. The breach’s confinement to Diagnostics systems prevented collateral damage to LabCorp’s drug testing infrastructure, though the company’s decision to isolate its entire network underscored concerns about potential lateral movement across its interconnected facilities. Industry experts highlighted LabCorp’s critical role in U.S. healthcare infrastructure, noting its network links to thousands of physician offices and hospitals globally. Operational disruptions affected millions of patients reliant on LabCorp’s services, though full system functionality was progressively restored without confirmed data exfiltration. The incident exemplified healthcare sector vulnerabilities to financially motivated attacks targeting sensitive data.
