Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Showing posts with label Abbott Laboratories. Show all posts

Abbott Investigates Two Cyber Incidents Following Extortion Claims


 

Two separate cybersecurity incidents are being investigated by Abbott Laboratories after threat actors reportedly gained access to the company's systems and accessed sensitive information. While one incident has been linked to the ShinyHunters extortion group, the other involves claims of unauthorized access to Abbott's LabCentral customer portal. The company said both incidents are being investigated, and operations have not been disrupted. 

Both incidents have not adversely affected Abbott's business operations, manufacturing, laboratory services, product availability, or customer support. According to the company, the unauthorized access was restricted to systems that operate independently of Abbott's core infrastructure within its Cancer Diagnostics business, with no impact reported across other business units or sites due to the unauthorized access discovered. 

Several legacy Exact Sciences systems were discovered to have been accessed unauthorizedly by Abbott's Cancer Diagnostics business. As a consequence of the ShinyHunters extortion group listing the company on its data leak site, Abbott confirmed the breach, and threatened to publish allegedly stolen information if negotiations were not held. Exact Sciences is part of Abbott's Cancer Diagnostics division, which the company acquired earlier this year for $21 billion. 

Aside from Abbott's core systems, Exact Sciences' legacy infrastructure operates separately, which limits the scope of the incident. According to Abbott, the incident is isolated to the Cancer Diagnostics division and has not affected manufacturing, laboratory operations, product availability, patient services, or any other Abbott business systems.

A notification was sent to law enforcement, the company activated its incident response procedures, and external cybersecurity experts were engaged. In addition, Abbott stated that the incident will not negatively affect its financial performance. In response to the incident, Abbott has not provided information regarding the type of information that was accessed, noting that its investigation is ongoing. 

The company claims to have gained initial access to a Microsoft Entra single sign-on (SSO) account by launching a voice phishing (vishing) attack targeting Abbott employees in mid-June. A number of enterprise platforms, including Microsoft Entra, ServiceNow, SharePoint, Databricks, and Coupa, were accessed by the group, which alleges that internal documents, contracts, customer information, and millions of medical records containing personally identifiable information (PII) have been exfiltrated. 

These claims have not been independently verified, however. Separately, a threat actor claiming the name ShadowByt3$ has been associated with the breach of Abbott's Core Laboratory Diagnostics business by exploiting compromised customer credentials by accessing the LabCentral customer portal hosted by a third party. It has been claimed that the attacker has obtained technical documentation, manufacturing certificates, regulatory files, and other product-related information. 

LabCentral was investigated by Abbott, but the attacker's claims were disputed, as the portal only contains publicly available technical reference materials such as operating manuals, troubleshooting guides, and product specifications. The company indicated that confidential business information and sensitive customer information are not included in the environment. 

In the LabCentral portal, Abbott explained that it is hosted by a third party provider and serves as a repository of publicly available technical reference documents, including operating instructions, troubleshooting guides, and product specifications. In accordance with the company, sensitive customer information or proprietary business data is not known to have been compromised as a result of the reported incident. 

There has been a growing trend of cyberattacks targeting healthcare and medical technology over the past few years. In recent months, a number of companies, including Clover Health, Stryker, Medtronic, Novo Nordisk, and West Pharmaceutical Services, have reported cybersecurity incidents, illustrating the increasing risks associated with handling patient and healthcare-sensitive data. Several cyber-incidents have occurred in the medical technology sector in recent months, causing significant damage to the industry. 

A number of companies, including Stryker, Medtronic, Intuitive Surgical, iRhythm, and AdaptHealth, have reported cybersecurity incidents as well, underscoring the growing threat landscape for healthcare and medtech organizations. As of yet, neither ShinyHunters nor ShadowByt3$ has disclosed the data that they claim to have stolen. In addition to engaging external cybersecurity experts and notifying law enforcement, Abbott has also continued to investigate the possibility of access to any potentially sensitive information.

In addition, Abbott stated that it does not anticipate either incident to negatively impact its business or financial results. Abbott's ongoing investigations highlight the increasing cybersecurity challenges in the healthcare and medical technologies industries. 

However, despite the company's assurances that operations remain unaffected and that no sensitive customer information has been exposed, the incidents demonstrate how important it is to take quick action, to use robust security measures, and to continuously monitor against cyber threats as they evolve.