Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

Second LabCorp Data Breach Exposes Patient Data

Date: 01/30/2020

If you are a LabCorp patient, you should be aware of a
recent LabCorp data breach that exposed thousands of patients’ documents. Medical
providers, hospitals and insurance companies are often hot targets for data
breaches due to the sheer volume of information they gather on their patients.
According to the Identity Theft Resource Center’s 2019 End-of-Year Data
Breach Report, the medical industry had the second-highest number of data
breaches over 2018. When lives are at stake, providers cannot afford to be
wrong about which patient is which. Therefore, patient records often contain
things like full names, addresses, birthdates and even Social Security numbers.
In short, patient records are a gold mine
for identity thieves.

Unfortunately, knowing that’s the case is not always enough
to protect the public.

TechCrunch recently reported that it
discovered a trove of LabCorp patient information in an accidental
overexposure breach that contained at least 10,000 patients’ documents. The
information was stored for internal retrieval, but once one document was
inadvertently made available in a cache of Google data. It was simply a matter
of changing the digits in the web document’s address to find many more
patients.

It is similar to finding a physical address by searching for
it online. You type in a street address and your search engine shows you a
picture of the house or the business. By changing the numbers in the street
address—either randomly guessing those numbers or doing it systematically—the
search engine will then show you more results. In the case of the LabCorp data
breach, by changing the numbers in the patient’s address, anyone who knew to
look for it could see all of the other available patients’ records.

These records contained detailed personal data, and in some
cases, Social
Security numbers.

LabCorp has not responded publicly to the report of the LabCorp data breach, although the server has been taken offline and the Google cache link is now useless. TechCrunch reached out to some of the patients whose data they retrieved and confirmed that it was their legitimate records, but LabCorp has not stated what will happen next. This is the second breach of LabCorp’s patient records in a year.

Image
ITRC partner, Breach Clarity, provides a risk score with actions to take after a breach

If you believe you your information was exposed as part of the LabCorp data breach, reach out to the Identity Theft Resource Center toll-free at 888.400.5530 or through live chat to speak with one of our advisors about your next steps.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help app from ITRC.

You may also like…

Tax Identity Theft Awareness Week 2020

California Consumer Privacy Act (CCPA) Goes Into Effect

Epilepsy Foundation Cyberattack Leads to Weaponized Social Media Accounts 

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.