Investors have filed a lawsuit against LabCorp, claiming that the company's board failed to address security problems that led to financial losses.
As reported by Bloomberg Law, LabCorp's chief executive, chief information officer, and chief financial officer are specifically named in the Delaware court case, which accuses them of ignoring "persistently deficient cybersecurity measures" that led to a data breach and malware infection.
According to the lawsuit, failing to address these problems has impacted investors and resulted in financial losses due to share price changes, and therefore, damages are sought.
A data breach occurring at the American Medical Collection Agency (AMCA) lasted for a period of eight months, between August 2018 and March 2019. The billing agency's breach, in which a threat actor was able to compromise internal networks, led to the theft of information belonging to at least 20 million US citizens.
Patient data from corporate clients including Quest Diagnostics, BioReference Laboratories, and LabCorp was compromised. AMCA was unable to handle the financial ramifications of the security incident and later filed for bankruptcy.
Over 7 million patient records were stolen from LabCorp alone. However, this was not the only cybersecurity issue the company faced.
LabCorp was also subject to malware infection in late 2018, in which a threat actor was able to infect the company's network with SamSam ransomware.
LabCorp revealed that the ransomware was detected on diagnostic systems and on discovery, the impacted systems were taken offline while the infection was eradicated. A few days of disruption followed but it is not thought any client data was stolen.
The company has recently reported Q1 2020 losses of $317.2 million and has withdrawn 2020 guidance. LabCorp says that the COVID-19 pandemic has devastated product demand and has already cost the company millions of dollars -- forcing LabCorp to suspend a buyback program, furlough employees, and scale back expenses.
In March, LabCorp was issued with a separate lawsuit in Delaware by John Hopkins over cancer screening license fees.
Previous and related coverage
- AMCA data breach has now gone over the 20 million mark
- PhantomLance spying campaign breaches Google Play security
- This is the impact of a data breach on enterprise share prices
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0