Laboratory Corporation of America Holdings dba LabCorp

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Laboratory Corporation of America Holdings (LabCorp) refers to multiple cybersecurity incidents that affected the company and its patients’ data. One significant breach involved LabCorp as one of the victims of the American Medical Collection Agency (AMCA) data breach in 2019, where hackers accessed AMCA’s systems, compromising the records of 10,251,784 LabCorp patients[21]. This breach led to the exposure of personal and financial information, including names, dates of birth, addresses, phone numbers, dates of service, provider details, and balance information. Credit card or bank account information may have also been accessed[17].

Another incident reported by TechCrunch in January 2020 involved a website misconfiguration that exposed around 10,000 LabCorp documents. This breach was allegedly not publicly disclosed by LabCorp nor mentioned in any Securities and Exchange Commission filings[21]. The documents contained sensitive patient information, and the breach was not reported to the HHS’ Office for Civil Rights, despite involving patient data[21].

As a result of these breaches, LabCorp shares lost value, and the company faced several class action lawsuits filed by the victims. A LabCorp shareholder, Raymond Eugenio, filed a lawsuit against the company and its executives and directors to recover losses caused by the data breaches. The lawsuit alleges that LabCorp failed to implement adequate cybersecurity measures and oversight, which directly resulted in the data breaches. The lawsuit seeks reimbursement for damages incurred by the breaches, public acknowledgment of the second breach, and an overhaul of corporate governance and internal procedures[21].

Citations:

  1. https://casetext.com/case/kovalev-v-lab-corp-of-am-holdings-2
  2. https://healthitsecurity.com/news/labcorp-hit-with-shareholder-lawsuit-over-2-separate-data-breaches
  3. https://techcrunch.com/2020/01/28/labcorp-website-bug-medical-data-exposed/
  4. https://www.sec.gov/files/litigation/complaints/2018/comp24221.pdf
  5. https://www.fiercehealthcare.com/tech/quest-labcorp-data-breach-highlights-cyber-risk-vendor-relationships-moody-s
  6. https://www.cpomagazine.com/cyber-security/second-data-leak-in-a-year-for-labcorp-exposes-over-10000-medical-records-what-keeps-going-wrong/
  7. https://law.justia.com/cases/delaware/superior-court/2021/n19c-06-054-emd-ccld.html
  8. https://www.washingtonpost.com/business/2019/06/05/labcorp-discloses-data-breach-affecting-million-customers/
  9. https://www.alliancetech.com/labcorp-data-breach-what-we-know/
  10. https://www.hipaajournal.com/july-2019-healthcare-data-breach-report/
  11. https://www.fiercehealthcare.com/tech/amca-breach-may-have-exposed-data-7-7m-labcorp-patients
  12. https://www.zdnet.com/article/investors-sue-labcorp-for-failures-to-shore-up-security-in-light-of-data-breach-ransomware-attack/
  13. https://casetext.com/case/federal-trade-commission-v-laboratory-corp-of-a
  14. https://techcrunch.com/2020/04/30/labcorp-suit-data-breaches/
  15. https://www.healthcareitnews.com/news/labcorp-goes-down-after-network-breach-putting-millions-patient-records-risk
  16. https://www.classaction.org/media/howard-et-al-v-laboratory-corporation-of-america-et-al.pdf
  17. https://www.securityweek.com/labcorp-says-77-million-patients-caught-amca-data-breach/
  18. https://ir.labcorp.com/static-files/180681dc-3339-4ab1-a21b-1b22ab2c5f44
  19. https://www.classlawgroup.com/labcorp-data-breach-lawsuit
  20. https://www.hipaajournal.com/healthcare-data-breach-2019-report/
  21. https://www.hipaajournal.com/shareholder-sues-labcorp-over-data-breaches/
Breach Submission Date Sep 08, 2023
Converted Entity Name Laboratory Corporation of America Holdings dba LabCorp
Converted Entity Type Healthcare Provider
State NC
Individuals Affected 1,431
Breach Type Unauthorized Access/Disclosure

Breach Information Location Other

Business Associate Present Yes