Second LabCorp Data Breach Exposes Patient Data

If you are a LabCorp patient, you should be aware of a recent LabCorp data breach that exposed thousands of patients’ documents. Medical providers, hospitals and insurance companies are often hot targets for data breaches due to the sheer volume of information they gather on their patients. According to the Identity Theft Resource Center’s 2019 End-of-Year Data Breach Report, the medical industry had the second-highest number of data breaches over 2018. When lives are at stake, providers cannot afford to be wrong about which patient is which. Therefore, patient records often contain things like full names, addresses, birthdates and even Social Security numbers. In short, patient records are a gold mine for identity thieves.

Unfortunately, knowing that’s the case is not always enough to protect the public.

TechCrunch recently reported that it discovered a trove of LabCorp patient information in an accidental overexposure breach that contained at least 10,000 patients’ documents. The information was stored for internal retrieval, but once one document was inadvertently made available in a cache of Google data. It was simply a matter of changing the digits in the web document’s address to find many more patients.

It is similar to finding a physical address by searching for it online. You type in a street address and your search engine shows you a picture of the house or the business. By changing the numbers in the street address—either randomly guessing those numbers or doing it systematically—the search engine will then show you more results. In the case of the LabCorp data breach, by changing the numbers in the patient’s address, anyone who knew to look for it could see all of the other available patients’ records.

These records contained detailed personal data, and in some cases, Social Security numbers.

LabCorp has not responded publicly to the report of the LabCorp data breach, although the server has been taken offline and the Google cache link is now useless. TechCrunch reached out to some of the patients whose data they retrieved and confirmed that it was their legitimate records, but LabCorp has not stated what will happen next. This is the second breach of LabCorp’s patient records in a year.

ITRC partner, Breach Clarity, provides a risk score with actions to take after a breach

If you believe you your information was exposed as part of the LabCorp data breach, reach out to the Identity Theft Resource Center toll-free at 888.400.5530 or through live chat to speak with one of our advisors about your next steps.

 Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help app from ITRC.

You may also like…

Tax Identity Theft Awareness Week 2020

California Consumer Privacy Act (CCPA) Goes Into Effect

Epilepsy Foundation Cyberattack Leads to Weaponized Social Media Accounts