US clinical lab recovers within 50 minutes of getting hit by SamSam ransomware

LabCorp, a clinical lab based in Burlington, North Carolina, fell victim to a ransomware attack last week, in the latest in a long string of hacker attacks on the healthcare sector.

The healthcare testing & diagnostics company reportedly noticed suspicious activity on its information technology network during the weekend of July 14. According to CSO Online, the company made the attack public in an 8K filing with the Securities and Exchange Commission. It later released an advisory to all parties concerned, saying:

“The activity was subsequently determined to be a new variant of ransomware. LabCorp promptly took certain systems offline as part of its comprehensive response to contain and remove the ransomware from its system. This has temporarily affected some test processing and customer access to test results.”

Experts helping investigate determined that the SamSam ransomware strain used to infect LabCorp’s systems. This particular strain was also used recently to infect the Colorado Department of Transportation, as well as the City of Atlanta.

LabCorp estimated it was able to contain the attack within 50 minutes. The lab is currently at 90 percent capacity and expects to fully recover soon, suggesting it had some solid backups on hand as part of an internal anti-breach program. The company believes no data was stolen or leaked in the process.

“As part of our in-depth and ongoing investigation into this incident, LabCorp has engaged outside security experts and is working with authorities, including law enforcement. Our investigation has found no evidence of theft or misuse of data,” the company added.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: