LabCorp, one of the nation’s two largest reference labs in the U.S., is investigating a security breach that could have put health records of millions of patients at risk (see: LabCorp Investigates a Possible Data Breach). The company, in a filing with the Securities and Exchange Commission, says it detected “suspicious activities” on its network the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.” LabCorp says it has not yet discovered any evidence of the unauthorized transfer or misuse of data it holds. The company added it has notified authorities and will cooperate in any investigation.
Data breaches are not unknown for reference labs. In December, 2016, Quest Diagnostics, LabCorp's major competitor, announced that an "unauthorized third party" hacked into the MyQuest patient portal, accessing protected health information (PHR) for about 34,000 patients including name, date of birth, lab results and in some cases, phone numbers (see: Quest data breach exposes private health information of 34,000 patients). It said the breach did not include Social Security numbers or credit card, insurance or other financial information. MyQuest is used by the patients of physicians who submit specimens to Quest to view their personal test results.
Update on 7/30/2018: LabCorp still recovering from ransomware, won't say if it's SamSam