Laboratory Corp. of America is now in recovery mode as the large medical-testing company fell victim to a ransomware attack around midnight on July 13th.
The company, popularly known as LabCorp, announced how the investigation was in progress after noticing the suspicious activity; the extent of the attack was previously disclosed. According to an article from Becker’s Health IT & CIO Report, hackers behind the SamSam attack encrypted LabCorp’s first computer by around 6PM on July 14, and in the next 50 minutes, the company’s security operation center worked to contain the ransomware infection. Before doing so, the attack had already spread to 7,000 systems and 1,900 servers, impacting one of the company’s genetic-testing units including its drug-development arm Covance.
As the company statement reads:
“We have been bringing those systems back up over the last several days. If you are experiencing delays in accessing your test results or getting a response to your email inquiries or phone calls, we appreciate your patience and apologize for the inconvenience."
As one of the world’s largest lab-testing companies within the U.S., LabCorp processes millions of blood, urine, and other diagnostic tests every week, maintaining a large database that consists of half the U.S. population’s health information.
LabCorp is confident that there was no data breach after the attack, and is now implementing a two-factor authentication system to avoid any possible attacks in the future.
This isn’t the first time SamSam has attacked major companies and facilities. The ransomware has hit Hartsfield-Jackson Atlanta International Airport, the Colorado Department of Transportation, city of Atlanta, and other healthcare organizations such as Allscripts and Hancock Health just in this year alone.
A spokeswoman from LabCorp commented on the impact upon the Covance sector, explaining how ransomware did not affect the devices (within that arm), but rather it was a security enhancement that was deployed companywide.
After the attack, hackers demanded a ransom of $6,000 in bitcoin for each machine--or a total of $52,500 to decrypt all devices--this according to the National Health Information Sharing and Analysis Center.
One person familiar with the situation at LabCorp commented on how the company had no intention of paying the ransomware demands, according to an article from The Wall Street Journal (WSJ).
LabCorp had identified the suspicious network activity as ransomware in a note to employees (also reviewed by WSJ). LabCorp told employees that the company refrained from notifying customers about the issue, instead “working to respond to specific customer inquiries.”
In their statement to employees:
“We believe that our efforts to quickly contain the ransomware and restore key system functions will limit potential impacts for customers.”
Meanwhile, notified employees were urged to stay off company devices until the problem was resolved. Later, the company sent an all-clear message with instructions on going back online.
In a note to employees the following Wednesday, LabCorp included a prewritten Q & A section that included the following question and answer:
“How certain are we that no data was lost or compromised as a result of this ransomware incident, including patient data?”
The answer--that did not provide much reassurance--follows:
“At this time, there is no evidence of theft or misuse of data.”
According to LabCorp’s most updated statement, the company is “confident that this ransomware did not and cannot spread to customer networks. LabCorp blocked the ransomware and enhanced...security measures, and thus [they] are confident that this particular ransomware cannot re-emerge on the LabCorp network.”
As a precautionary reminder to all, it is always best to stay up-to-date with software updates and implement a storage and backup solution for your business in case of cyberattacks. With Reevert’s intelligent hybrid backup and storage solution, your company is in great hands. Reevert provides reliable storage capabilities of hourly data snapshots, physical and virtual server backups within the cloud, and instantaneous data restoration that happens within seconds so your business is up and running in the event of a major ransomware attack.
Don’t be a victim of ransomware. A reevert appliance can safeguard your data against any kind of ransomware attack and reduce the full recovery time down to minutes! Click here for more information on how reevert can help your business stay safe!
For a hassle free 30 day trial, click the "Free Trial" button, download and deploy a copy of the appliance. No Credit Card required.