LabCorp is an American S&P 500 company. It’s headquartered in Burlington, North Carolina, and is one of the largest clinical laboratory networks in the world.
The breach was a “security lapse,” as described by TechCrunch, which found and investigated the breach. The news outlet found that the details available through the server included birthdays, names, and, in select cases, social security numbers.
“This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system,” said TechCrunch. “Although the system appeared to be protected with a password, the part of the website designed to pull patient files from the back-end system was left exposed. That unprotected web address was visible to search engines and was later cached by Google, making it accessible to anyone who knew where to look.”
This breach occurred in January 2020.
The breach impacts a portion of LabCorp customers. According to TechCrunch’s investigation, the breach seems to primarily affect cancer patients.
Investigation into the breach showed that at least 10,000 files were affected. A LabCorp spokesperson, Donald Von Hogan, said, “I can confirm that we have terminated access to the system.” The web address is still in Google’s search results, but the link is dead, meaning no unauthorized parties should be able to access it.