LabCorp Exposes Thousands Of Medical Documents – Commentary

A vulnerability in the LabCorp website that hosts the company’s internal customer relationship management system exposed thousands (at least 10,000) of medical documents containing patients’ names, dates of birth and Social Security numbers, along with lab test results and diagnostic data. While the system was password-protected, the part of the website that pulls patient files from the back-end system was left exposed.


EXPERT COMMENTS
Piyush Pandey, CEO, Appsian
January 30, 2020
Breaches like the one affecting LabCorp illustrate the challenges of securely adopting SaaS at scale, particularly in highly targeted industries like healthcare. It’s the perfect example for why the next major trend in security is the adoption of solutions that enable fine-grained controls and visibility within a system, rather than just establishing perimeter controls. With the explosion of dig ....
Vinay Sridhara, CTO, Balbix
January 30, 2020
Organizations that are able to develop an accurate inventory of all assets in their organization.
Breaches like the one affecting LabCorp illustrate the challenges of securing the increasingly complex digital ecosystems, particularly in sensitive industries like healthcare. Despite billions of dollars in spending, we continue to see breaches and exposures of critical assets, as was the case here, on an almost daily basis. Enterprises must recognize that not all assets have similar value to the ....
Boris Cipot, Senior Sales Engineer, Synopsys
January 29, 2020
Digitalisation brings about a lot of benefits such as ease of information accessibility as well as environmental benefits that come with the elimination of printing and mailing paper copies to patients. With such benefits, digitalisation also introduces risk. Personal information such as that exposed within this incident is delicate. Personal medical information should clearly be handled securely. ....
Jonathan Knudsen, Senior Security Strategist, Synopsys
January 29, 2020
No security is perfect, and bad things can happen to anyone.
The LabCorp vulnerability is what’s known as a direct object reference. Any patient’s health information could be retrieved, without authorization, simply by changing a number in a URL. Although initial access to the web site was protected by a password, anyone could access patient health information without authentication. The situation is very much like locking the door of your house but le ....
Robert Prigge, CEO, Jumio
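The flaw described in the comment above, sketched as an added example (not code from LabCorp or from the commenter): a document endpoint that trusts the number in the URL, beside a version that authenticates the request and checks the document against the caller's account. All names, IDs and records are constructed for illustration.

```python
# Added illustration: constructed data and hypothetical names throughout.
from dataclasses import dataclass
from typing import Optional

class Forbidden(Exception): ...
class Unauthenticated(Exception): ...

@dataclass(frozen=True)
class Session:
    user_id: str
    org_id: str  # the customer account the user belongs to

# Constructed back-end store with sequential numeric IDs.
DOCUMENTS = {
    1001: {"org_id": "clinic-a", "body": "constructed report A"},
    1002: {"org_id": "clinic-b", "body": "constructed report B"},
}
SESSIONS = {"tok-a": Session("alice", "clinic-a")}  # constructed session table

def fetch_document_vulnerable(doc_id: int, token: Optional[str] = None) -> str:
    """Flawed pattern: the ID from the URL is trusted; no session or ownership check."""
    return DOCUMENTS[doc_id]["body"]

def fetch_document_hardened(doc_id: int, token: Optional[str] = None) -> str:
    """Authenticate on this endpoint, then authorize against the specific object."""
    session = SESSIONS.get(token) if token else None
    if session is None:
        raise Unauthenticated("login required on the document endpoint itself")
    doc = DOCUMENTS.get(doc_id)
    # Same error for 'missing' and 'not yours' so responses do not reveal which IDs exist.
    if doc is None or doc["org_id"] != session.org_id:
        raise Forbidden("document not available to this account")
    return doc["body"]

def audit(fetch, token, ids):
    """Return the IDs a caller can read; usable as an access-control regression test."""
    readable = []
    for doc_id in ids:
        try:
            fetch(doc_id, token)
            readable.append(doc_id)
        except (Forbidden, Unauthenticated):
            pass
    return readable
```

Running `audit` in CI against every object-fetching endpoint, with no session and with a session from a different account, catches the case where the login page is protected but the retrieval path behind it is not.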
January 29, 2020
This is LabCorp’s second time making headlines in less than a year. Yes, this new breach is less egregious than last summer’s breach affecting 7.7 million in that only "thousands of medical documents" containing sensitive health data were impacted. However, the impact on the downstream lives of those thousands of affected patients may be significant, as there's a better-than-average chance tha ....
Stephan Chenette, Co-Founder and CTO, AttackIQ
January 29, 2020
LabCorp and other healthcare organizations, who manage large amounts of confidential patient information.
The healthcare industry is one of the primary targets for cybercriminals because selling protected health information (PHI) on dark web marketplaces can be extremely profitable. Unlike, for example, financial data, healthcare data usually contains fixed information, such as dates of birth and Social Security Numbers, which thieves can leverage to commit identity theft for years to come. LabCorp an ....