Cyber-Attack on US Laboratory

An American laboratory specializing in home phlebotomy has disclosed a cyber-attack that occurred five months ago after data stolen in the attack turned up online.

Apex Laboratory opened in 1997 and is based in Farmingdale, New York. The company has provided medical testing services to hundreds of home health agencies and thousands of physicians in New York and South Florida.

On July 25, 2020, Apex learned that it had become the victim of a cyber-attack that rendered certain files and systems inaccessible. Network access was restored along with the impacted data, and the company resumed normal operations on July 27. 

A third-party cyber forensic analyst was hired by Apex to investigate the attack. The investigation found no evidence of unauthorized access or acquisition of patient information, and Apex did not disclose the incident. 

However, Apex discovered last month that the cyber-criminals behind the attack had stolen "personal and health information for some patients" and posted it online on their blog. Information believed to have been taken includes patient names, dates of birth, test results, and, for some individuals, Social Security numbers and phone numbers.

Apex is yet to reveal how many patients were impacted by the incident, but the laboratory did say that the information stolen by the threat actors could have been pinched over a four-day period. 

"It is believed that this information may have been acquired from Apex’s systems between July 21, 2020 and July 25, 2020," stated Apex. 

From a notice of data event posted by Apex on December 31, the attack sounds like it might hav ..

Support the originator by clicking the read the rest link below.