LabCorp, one of the largest medical diagnostics companies in the US, has confirmed that it was hit by a ransomware attack.
On Monday, the company reported that it had detected suspicious activity on its IT network during the weekend of July 14 and had taken systems offline as a security measure to limit any damage.
The following Thursday, the company confirmed that it was a ransomware attack and said that at this time there is no evidence of any misuse or theft of data.
The company refused to name the ransomware, but according to various reports it was identified as Samsam ransomware.
“During the weekend of July 14, 2018, LabCorp detected suspicious activity on its information technology network. LabCorp immediately took certain systems offline as part of its comprehensive response to contain the activity. This temporarily affected test processing and customer access to test results over the weekend,” said LabCorp in a statement.
The suspicious activity was detected on LabCorp Diagnostics systems, and it did not affect the system used by Covance Drug Development.
The Samsam ransomware attack started at midnight on July 13, and the attackers infected LabCorp's systems through an RDP (Remote Desktop Protocol) brute-force attack.
After the first system was encrypted, the LabCorp SOC (Security Operations Center) identified the attack and immediately took action to limit further damage.
The LabCorp SOC was able to contain the attack within 50 minutes, but the attackers were able to infect 7,000 systems and 1,900 servers within that time.
LabCorp said that the investigation is still ongoing and that it is working with cybersecurity experts and law enforcement authorities to determine the extent of the breach.
“Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored throughout the next several days. Some customers of LabCorp Diagnostics may experience brief delays in receiving results as we complete that process.”