A vulnerability in the LabCorp website that hosts the company’s internal customer relationship management system exposed thousands (at least 10,000) of medical documents containing patients’ names, dates of birth, Social Security numbers, lab test results and diagnostic data. While the system was password-protected, the part of the website that pulls patient files from the back-end system was left exposed.
LabCorp Security Lapse Exposed Thousands of Medical Documents: https://t.co/0qSPtG07me #slashdot A security flaw in LabCorp's website exposed thousands of medical documents, like test results containing sensitive health data. From a report: It's the second incident in the past …
— Jimmy Persson (@Jimbo0o0) January 29, 2020
Experts Comments
No security is perfect, and bad things can happen to anyone.
The LabCorp vulnerability is what’s known as a direct object reference. Any patient’s health information could be retrieved, without authorization, simply by changing a number in a URL. Although initial access to the web site was protected by a password, anyone could access patient health information without authentication. The situation is very much like locking the door of your house but leaving the windows wide open—anyone can come in and steal what they want.
This is a damaging...
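The direct object reference pattern described in the comment above, shown as an added example that is not part of the original article and is not LabCorp's code. The document ids, patient ids, client addresses and the `Session` type are constructed for illustration; the block contrasts a lookup that trusts the id from the URL with one that checks the caller, and adds a small audit check for clients refused on many different ids.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: document id -> (owning patient, contents).
DOCUMENTS = {
    1001: ("patient-a", "result for A"),
    1002: ("patient-b", "result for B"),
    1003: ("patient-c", "result for C"),
}

@dataclass(frozen=True)
class Session:              # hypothetical session object
    user: str
    patients: frozenset     # patient ids this user is entitled to view

class Denied(Exception):
    pass

AUDIT = []                  # (client, doc_id) for every refused request

def fetch_vulnerable(doc_id: int, session: Optional[Session]) -> str:
    # The flaw: the id taken from the URL is the only thing consulted.
    # The session is never examined, so any caller gets any document.
    return DOCUMENTS[doc_id][1]

def fetch_checked(doc_id: int, session: Optional[Session], client: str) -> str:
    record = DOCUMENTS.get(doc_id)
    allowed = (session is not None and record is not None
               and record[0] in session.patients)
    if not allowed:
        # One error for "no login", "no such id" and "not yours", so the
        # response does not reveal which ids exist.
        AUDIT.append((client, doc_id))
        raise Denied("document not available")
    return record[1]

def clients_probing(audit, threshold: int = 3):
    # Clients refused on at least `threshold` distinct ids: a sign of id walking.
    seen = defaultdict(set)
    for client, doc_id in audit:
        seen[client].add(doc_id)
    return sorted(c for c, ids in seen.items() if len(ids) >= threshold)
```
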
This is LabCorp’s second time making headlines in less than a year. Yes, this new breach is less egregious than last summer’s breach affecting 7.7 million in that only "thousands of medical documents" containing sensitive health data were impacted. However, the impact on the downstream lives of those thousands of affected patients may be significant, as there's a better-than-average chance that much of their PII is now on the dark web, leaving them vulnerable to identity theft, account...
Breaches like the one affecting LabCorp illustrate the challenges of securely adopting SaaS at scale, particularly in highly targeted industries like healthcare. It’s the perfect example for why the next major trend in security is the adoption of solutions that enable fine-grained controls and visibility within a system, rather than just establishing perimeter controls. With the explosion of digital adoption across the healthcare industry, being able to manage data access at the individual...
Organizations that are able to develop an accurate inventory of all assets in their organization.
Breaches like the one affecting LabCorp illustrate the challenges of securing the increasingly complex digital ecosystems, particularly in sensitive industries like healthcare. Despite billions of dollars in spending, we continue to see breaches and exposures of critical assets, as was the case here, on an almost daily basis. Enterprises must recognize that not all assets have similar value to the organization and that they should focus on the most critical assets. Organizations that are able...
The healthcare industry is one of the primary targets for cybercriminals because selling protected health information (PHI) on dark web marketplaces can be extremely profitable. Unlike, for example, financial data, healthcare data usually contains fixed information, such as dates of birth and Social Security Numbers, which thieves can leverage to commit identity theft for years to come.
LabCorp and other healthcare organizations, who manage large amounts of confidential patient information,...