Labcorp IT Security Update (updated October 26, 2018)
During the weekend of July 14, 2018, Labcorp detected suspicious activity on its information technology network. The activity was subsequently determined to be a new variant of the SamSam ransomware, which is an attempt to lock or disable computers and servers to prevent access to data.
We responded quickly and decisively to protect our patient and customer data and to resume operations.
Labcorp promptly took certain systems offline as part of its comprehensive response to contain and remove the ransomware from its system. This temporarily affected test processing and access to test results. Operations were returned to normal within a few days of the event.
The ransomware was detected only on Labcorp Diagnostics systems; Covance Drug Development systems were not affected by the ransomware. Covance Drug Development staff were temporarily disconnected from the network as a precautionary measure as part of our overall incident response plan.
As part of our in-depth investigation into this incident, Labcorp engaged outside security experts and worked with authorities, including law enforcement. Based on that investigation, we provide the following updated information as of today:
No data was taken from Labcorp’s systems.
There is no evidence that any Labcorp data was removed from our systems. We have carefully and thoroughly analyzed the ransomware virus, and we have determined that it could not and did not transmit Labcorp data outside of our systems. Thus, we are confident that no customer or patient data was acquired, exfiltrated, or stolen from the Labcorp network by this ransomware.
The ransomware could not pass through EDI connections.
Most connections to our organization, including those used for transmission of test orders and results, are through electronic data interchange (EDI) connections, through which this ransomware cannot pass. We have found no evidence of this ransomware moving from Labcorp to any other entity, and we are confident that it did not and cannot spread to customer networks. Electronic connections to Labcorp systems are safe.
The network is safe.
The malware was blocked from our network by midnight on July 14, 2018, thus we are confident that this particular ransomware cannot re-emerge on the Labcorp network.
As always, we are practicing continued vigilance.
Labcorp takes data privacy and security very seriously and has robust security systems, protocols, and redundancies in place. We continue to enhance our capabilities to detect, contain, and eradicate malicious software.