It’s only been a day or so since the news of the LabCorp cyber attack has gone public. As this story unfolds it should be both a warning and a lesson to businesses in general but particularly to those that hold sensitive customer data. The healthcare industry and financial services organizations are targeted destinations for cyber criminals.
WRAL TechWire released an initial report stating that, “Global lab testing and life science firm LabCorp has reported a possible breach of its network and has notified “relevant authorities.” The FBI told Triad TV station WFMY that it was aware of “reports of a ransomware attack” involving LabCorp
Fairly soon thereafter: Citing an update from LabCorp, the Triad Business Journal said the company acknowledged “the activity was subsequently determined to be a new variant of ransomware. LabCorp promptly took certain systems offline as part of its comprehensive response to contain and remove the ransomware from its system.”
Inside the industry Health Care IT News.com reported that “North Carolina-based LabCorp Diagnostics, one of the largest clinical laboratories in the U.S., was forced to shut down its network on Sunday after officials detected suspicious activity, according to a recent U.S. Securities and Exchange Commission filing. Over the weekend of July 14, hackers got into LabCorp’s network. Officials immediately took certain systems offline as part of its breach response policy to contain the hack. As a result, test processing and customer access to test results were temporarily impacted. According to its site, LabCorp services more than 115 million patient encounters annually, which potentially put all of those patient records at risk if they were located on the impacted network.”
As we follow this story, there are both warnings to heed and lessons to learn. LabCorp appears to have suffered a ransomware attack. We have all heard this term over the last few years but do we really know what it means. Ransomware has been around for awhile but it’s use has picked up in the last few years because it can be deployed by almost anyone, is almost untraceable, and it uses a form of delivery that is almost unstoppable.
According to Malwarebytes.com “ ransomware, is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.”
Warnings to consider:
Warning: understand what ransomware is and take precautionary steps to protect your company!
Warning: ransomware is delivered through phishing email and file attachments. Learn how to tell what is real and what is not!
Warning: ransomware locks down your files until you pay the ransom. Back-up your files daily!
Warning: even if you pay the ransom there is no guarantee your systems will be unlocked!
Warning: ransomware doesn’t just steal your data, it can put you out of business!
Scary stuff, right? But here is the good news.
We can learn and be prepared.
Lesson: LabCorp did the right thing by being prepared. They notified authorities. According to NC law if your business undergoes a cyber attack and data is breached you are required to report it. Also, note that the FBI in our area is very active in cyber breach cases.
Lesson: LabCorp has a breach response policy in place. A breach response policy is a step-by-step plan detailing the steps to take at the first sign of an incident. If you don’t have one in place, our team can help develop one for you.
Lesson: Immediately take systems affected off-line. Remember ransomware spreads through the network.
Lesson: Most ransomware is spread through human error. Up to 84% of breaches are caused by someone clicking on a link or file that is infected. There are very good inexpensive on-line training programs available to train your employees. We can also help you create a custom training plan.
Lesson: There are software programs, affordable for small business that will help you both stop ransomware and even roll it back to save your files if you have an event. Be sure to ask our engineers for a list of our top recommended programs.
If you are going to be connected, you MUST be protected. Your business depends on it!
Rick Miller is COO and Partner of The Tek, an MSSP specializing in risk assessment, risk mitigation, protection, and education to SMBs. Rick is a long-term veteran in the IT industry. His success has been founded in propelling start-ups and turnarounds to success and profitability. His experience has helped to grow multiple companies from start-up to profitability.