A digital security flaw in Burlington-based LabCorp’s website has exposed thousands of medical documents, leading to test results containing sensitive health data being stolen.
The flaw was located on part of the site that pulled patient files from the back-end of the system. A portion of the site was left exposed to the Internet, without password protection, and this was visible in search engines, later cached by Google. According to TechCrunch, at least 10,000 documents were exposed.
The bug is now fixed. However, many heathcare institutions have been prominent targets for cyber attacks. In 2019, Patients of Quest Diagnostics, LabCorp, BioReference, and Clinical Pathology were included in the list of victims that claimed more than two dozen providers, according to Health IT Security.
Commenting on the new data breach, Jumio CEO Robert Prigge tells Digital Journal: “This is LabCorp’s second time making headlines in less than a year. ”
Acknowledging some different aspects in 2020 compared with the 2019 incident, Prigge notes: “Yes, this new breach is less egregious than last summer’s breach affecting 7.7 million in that only “thousands of medical documents” containing sensitive health data were impacted. However, the impact on the downstream lives of those thousands of affected patients may be significant.”
This significance is because, Priggse says, since “there’s a better-than-average chance that much of their personal identifiable information is now on the dark web, leaving them vulnerable to identity theft, account takeover and even prescription fraud.”