Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved “a new variant” of ransomware.
“Our investigation has found no evidence of theft or misuse of data,” the company says in a statement provided to Information Security Media Group on July 20. Although the company confirms that the detected cyberattack involved ransomware, it does not specify the type of ransomware involved.
The company says it’s been working to restore full system functionality as quickly as possible. It says that as of July 20, its lab test operations have substantially resumed, and it’s working to restore additional systems and functions over the next several days.
Burlington, N.C.-based LabCorp, one of the largest diagnostic lab companies in the world, with $10.8 billion in annual revenue, issued a special 8-K filing on July 16 with the U.S. Securities and Exchange Commission saying that it had detected suspicious activity on its IT network the weekend of July 14, but that statement didn’t specify that ransomware was involved.
According to some news media reports, the attack on LabCorp involved a variant of the SamSam ransomware. Federal regulators have issued warnings to the healthcare sector about SamSam after a series of attacks.
CSO Online, citing unnamed sources familiar with the organization, reports that hackers used a brute-force attack against LabCorp’s Remote Desktop Protocol (RDP) and deployed SamSam to the LabCorp network, allegedly “encrypting thousands of systems and several hundred production servers” between the time the lab company detected suspicious activity on its IT network and the time it began to mitigate the incident.
An alert issued in late March from the Department of Health and Human Services’ Healthcare Cybersecurity and Communications Integration Center noted that the SamSam malware, active since 2016, has been largely associated with ransomware attacks against hospitals and others in the healthcare and public health sector. As of March, HHS said the SamSam malware had infected at least 10 entities, including eight healthcare sector organizations, since Dec. 26, 2016.