LabCorp, one of the largest clinical blood testing labs in the U.S., is about 90 percent recovered from a SamSam ransomware attack that began around midnight July 13, CSO Online reports.
The SamSam hackers encrypted the first LabCorp computer by 6:00 p.m. July 14, and within 50 minutes, LabCorp's security operations center contained the spread of the infection and began remediation efforts. However, 7,000 systems and 1,900 servers — including 350 production servers — were affected before the ransomware was contained.
"We have been bringing those systems back up over the last several days," the company's statement reads. "If you are experiencing delays in accessing your test results or getting a response to your email inquiries or phone calls, we appreciate your patience and apologize for the inconvenience."
During the recovery efforts, LabCorp confirmed the attack used brute-force techniques against Remote Desktop Protocol (RDP).
LabCorp doesn't believe anything left its network during the attack and is confident no data breach occurred. To prevent a similar attack in the future, LabCorp will implement two-factor authentication.
SamSam has hit several healthcare organizations so far this year, including Allscripts and Greenfield, Ind.-based Hancock Health. However, RDP was only identified as an entry point in the attacks on Hancock and LabCorp. The SamSam group also attacked various state and city IT systems, including the Colorado Department of Transportation and the City of Atlanta.