Investors sue LabCorp over security failures in light of data breach, ransomware attack

The lawsuit claims that the company’s security posture led to investor losses.

You'll need more than an antivirus: 'Malware-free' attacks on the rise

Investors have filed a lawsuit against LabCorp, claiming that the company's board failed to address security problems that led to financial losses. 

As reported by Bloomberg Law, LabCorp's chief executive, chief information officer, and chief financial officer are specifically named in the Delaware court case, which accuses them of ignoring "persistently deficient cybersecurity measures" that led to a data breach and malware infection. 

See also: Data breach forces medical debt collector AMCA to file for bankruptcy protection

According to the lawsuit, failing to address these problems has impacted investors and resulted in financial losses due to share price changes, and therefore, damages are sought. 

A data breach occurring at the American Medical Collection Agency (AMCA) lasted for a period of eight months, between August 2018 and March 2019. The billing agency's breach, in which a threat actor was able to compromise internal networks, led to the theft of information belonging to at least 20 million US citizens. 

Patient data from corporate clients including Quest Diagnostics, BioReference Laboratories, and LabCorp was compromised. AMCA was unable to handle the financial ramifications of the security incident and later filed for bankruptcy

Over 7 million patient records were stolen from LabCorp alone. However, this was not the only cybersecurity issue the company faced. 

CNET: Quibi, Wish, JetBlue, others leaked users' email addresses, researcher finds

LabCorp was also subject to malware infection in late 2018, in which a threat actor was able to infect the company's network with SamSam ransomware

LabCorp revealed that the ransomware was detected on diagnostic systems and on discovery, the impacted systems were taken offline while the infection was eradicated. A few days of disruption followed but it is not thought any client data was stolen. 

TechRepublic: Messaging apps are getting more use, and it's putting companies at risk

The company has recently reported Q1 2020 losses of $317.2 million and has withdrawn 2020 guidance. LabCorp says that the COVID-19 pandemic has devastated product demand and has already cost the company millions of dollars -- forcing LabCorp to suspend a buyback program, furlough employees, and scale back expenses.  

In March, LabCorp was issued with a separate lawsuit in Delaware by John Hopkins over cancer screening license fees. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0