Submitted via IRC for BoyceMagooglyMonkey
LabCorp, the US' biggest blood testing laboratories network, announced on Monday that hackers breached its IT network over the weekend.
"At this time, there is no evidence of unauthorized transfer or misuse of data," the company said. "LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation."
[...] "LabCorp made the wise decision to shut down their entire network while determining the extent of the breach," Kothari added, suggesting that the hacker(s) could have very easily propagated through this interconnected network to reach other organizations.
Healthcare organizations are often the targets of hackers mainly due to the highly sensitive data they work with, which is worth more when crooks sell it online, rather than classic username-email-password combos.
Source: Hackers Breach Network of LabCorp, US' Biggest Blood Testing Laboratories
(Score: 3, Informative) by pendorbound on Thursday July 19 2018, @04:25PM
Most HIPAA compliant shops will have full logging of packet counts/sizes at their firewall. They won't see the equivalent of file paths like you might from file transfer software logs, but they'll definitely be able to confirm the size of any data exfiltrated from their network. Tricks like tunneling through ICMP or DNS requests or through any kind of encrypted tunnel don't sneak under the radar when you're logging every TCP frame sent or received.
You may or may not be able to tell "what," but "how much" should be a no-brainer. Significant deviations from normal traffic patterns should be sufficient to raise an alert even absent any other indication of intrusion.
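An added illustration of the "how much" check described in the comment above; it is not part of the comment or of the linked article. It sums outbound bytes per internal host per hour regardless of protocol, so DNS or ICMP tunnelling still counts, and flags hours far above that host's own baseline. The flow records, host addresses, and the `k` and `floor` thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (hour, internal_host, protocol, bytes_out),
# shaped like a firewall flow export. Not real data from any network.
FLOWS = [
    (h, "10.0.0.5", "tcp/443", 40_000 + 1_000 * (h % 5)) for h in range(24)
] + [
    (h, "10.0.0.9", "udp/53", 2_000 + 100 * (h % 3)) for h in range(24)
] + [
    # Constructed anomaly: a host that normally sends ~2 KB/h of DNS sends 30 MB.
    (24, "10.0.0.9", "udp/53", 30_000_000),
    (24, "10.0.0.5", "tcp/443", 42_000),
]

def hourly_totals(flows):
    """Sum outbound bytes per (host, hour), ignoring which protocol carried them."""
    totals = defaultdict(int)
    for hour, host, _proto, nbytes in flows:
        totals[(host, hour)] += nbytes
    return totals

def flag_volume_anomalies(flows, baseline_hours, k=6.0, floor=1_000_000):
    """Return (host, hour, bytes_out, threshold) for hours above baseline.

    Threshold is median + k * scaled MAD of the host's baseline hours, but
    never below `floor` bytes. k and floor are assumptions to tune per site.
    Hosts with no baseline history are skipped here.
    """
    totals = hourly_totals(flows)
    history = defaultdict(list)
    for (host, hour), nbytes in totals.items():
        if hour in baseline_hours:
            history[host].append(nbytes)
    alerts = []
    for (host, hour), nbytes in sorted(totals.items()):
        if hour in baseline_hours or not history[host]:
            continue
        med = median(history[host])
        mad = median(abs(x - med) for x in history[host])
        threshold = max(med + k * 1.4826 * mad, floor)
        if nbytes > threshold:
            alerts.append((host, hour, nbytes, round(threshold)))
    return alerts

if __name__ == "__main__":
    for alert in flag_volume_anomalies(FLOWS, baseline_hours=range(24)):
        print("ALERT host=%s hour=%d bytes_out=%d threshold=%d" % alert)
```

The alert says nothing about what left the network, only that one host's outbound volume departed sharply from its own history.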