LabCorp Security Flaw Exposes Information of Their Customers

From Privacy Wiki
Revision as of 13:39, 13 September 2020 by Upwork (talk | contribs) (Created page with "{{Event |Short Title=LabCorp Security Flaw Exposes Medical Information of Thousands of Customers |Location=Global |Date=2019 |Taxonomy=Insecurity |Personal Information=Medical...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


LabCorp Security Flaw Exposes Information of Their Customers
Short Title LabCorp Security Flaw Exposes Medical Information of Thousands of Customers
Location Global
Date 2019
Solove Harm Insecurity
Information Medical and Health, Identifying
Threat Actors LabCorp
Individuals
Affected LabCorp customers
High Risk Groups Medical Patient
Tangible Harms

In 2019 a global health diagnostics company LabCorp experienced a security incident that exposed thousands of medical documents of their customers.

Description

LabCorp is a global healthcare diagnostics company. A security flaw in its website exposed thousands of medical documents, like test results containing sensitive health data in 2019. It was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a password, the part of the website designed to pull patient files from the back-end system was left exposed. This is an example of Insecurity.

This is the second incident in 2019 after 7.7 million patients had been affected by a credit card data breach of a third-party payments processor.

Breakdown

Threat: LabCorp not protecting patients data from leak
At-Risk group: LabCorp customers
Harm: Insecurity
Secondary Consequences: not known

Laws and Regulations

Sources

https://techcrunch.com/2020/01/28/labcorp-website-bug-medical-data-exposed/

Retrieved from "https://privacy.wiki/index.php?title=LabCorp_Security_Flaw_Exposes_Information_of_Their_Customers&oldid=8081"