Laboratory Corporation of America Holdings dba LabCorp
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The breach at Laboratory Corporation of America Holdings (LabCorp) refers to multiple cybersecurity incidents that affected the company and its patients’ data. One significant breach involved LabCorp as one of the victims of the American Medical Collection Agency (AMCA) data breach in 2019, where hackers accessed AMCA’s systems, compromising the records of 10,251,784 LabCorp patients[21]. This breach led to the exposure of personal and financial information, including names, dates of birth, addresses, phone numbers, dates of service, provider details, and balance information. Credit card or bank account information may have also been accessed[17].
Another incident reported by TechCrunch in January 2020 involved a website misconfiguration that exposed around 10,000 LabCorp documents. This breach was allegedly not publicly disclosed by LabCorp nor mentioned in any Securities and Exchange Commission filings[21]. The documents contained sensitive patient information, and the breach was not reported to the HHS’ Office for Civil Rights, despite involving patient data[21].
As a result of these breaches, LabCorp shares lost value, and the company faced several class action lawsuits filed by the victims. A LabCorp shareholder, Raymond Eugenio, filed a lawsuit against the company and its executives and directors to recover losses caused by the data breaches. The lawsuit alleges that LabCorp failed to implement adequate cybersecurity measures and oversight, which directly resulted in the data breaches. The lawsuit seeks reimbursement for damages incurred by the breaches, public acknowledgment of the second breach, and an overhaul of corporate governance and internal procedures[21].
Citations:
- https://casetext.com/case/kovalev-v-lab-corp-of-am-holdings-2
- https://healthitsecurity.com/news/labcorp-hit-with-shareholder-lawsuit-over-2-separate-data-breaches
- https://techcrunch.com/2020/01/28/labcorp-website-bug-medical-data-exposed/
- https://www.sec.gov/files/litigation/complaints/2018/comp24221.pdf
- https://www.fiercehealthcare.com/tech/quest-labcorp-data-breach-highlights-cyber-risk-vendor-relationships-moody-s
- https://www.cpomagazine.com/cyber-security/second-data-leak-in-a-year-for-labcorp-exposes-over-10000-medical-records-what-keeps-going-wrong/
- https://law.justia.com/cases/delaware/superior-court/2021/n19c-06-054-emd-ccld.html
- https://www.washingtonpost.com/business/2019/06/05/labcorp-discloses-data-breach-affecting-million-customers/
- https://www.alliancetech.com/labcorp-data-breach-what-we-know/
- https://www.hipaajournal.com/july-2019-healthcare-data-breach-report/
- https://www.fiercehealthcare.com/tech/amca-breach-may-have-exposed-data-7-7m-labcorp-patients
- https://www.zdnet.com/article/investors-sue-labcorp-for-failures-to-shore-up-security-in-light-of-data-breach-ransomware-attack/
- https://casetext.com/case/federal-trade-commission-v-laboratory-corp-of-a
- https://techcrunch.com/2020/04/30/labcorp-suit-data-breaches/
- https://www.healthcareitnews.com/news/labcorp-goes-down-after-network-breach-putting-millions-patient-records-risk
- https://www.classaction.org/media/howard-et-al-v-laboratory-corporation-of-america-et-al.pdf
- https://www.securityweek.com/labcorp-says-77-million-patients-caught-amca-data-breach/
- https://ir.labcorp.com/static-files/180681dc-3339-4ab1-a21b-1b22ab2c5f44
- https://www.classlawgroup.com/labcorp-data-breach-lawsuit
- https://www.hipaajournal.com/healthcare-data-breach-2019-report/
- https://www.hipaajournal.com/shareholder-sues-labcorp-over-data-breaches/