[BreachExchange] LabCorp slapped with shareholder suit over data breaches

Destry Winant destry at riskbasedsecurity.com
Mon May 4 10:20:50 EDT 2020


https://techcrunch.com/2020/04/30/labcorp-suit-data-breaches/

A LabCorp  shareholder has filed a lawsuit against the laboratory
giant, accusing its board of concealing details of two data breaches
that affected millions of patients.

The derivative suit, filed on Tuesday by shareholder Raymond Eugenio,
targets the company’s leadership and board members, including its
chief executive, Adam Schechter.

The first breach hit third-party billing provider AMCA in 2019,
affecting 7.7 million LabCorp patients and millions more from other
lab test providers, including Quest and BioReference. A second
security lapse (discovered by TechCrunch earlier this year involving
the exposure of thousands of patient documents) was also referenced in
the suit.

At the heart of the complaint, the shareholder claims LabCorp’s
“insufficient cybersecurity procedures” contributed in part to the two
security incidents, and that the board fell short of its fiduciary
duty by not disclosing the security incidents to shareholders. LabCorp
also is accused of not informing patients and customers of the breach,
and the suit claims the company did not properly inform attorney
generals’ offices within the time given under state data breach
notification laws.

The suit also accuses LabCorp of failing to “disclose this breach in
any widely disseminated public release or SEC filing,” adding that the
incidents noted in the complaint were “unlawfully concealed from
LabCorp shareholders.”

LabCorp spokesperson Mike Geller said the lawsuit “will be vigorously defended.”

News of the suit was first reported by Bloomberg Law. You can read the
complaint here.


More information about the BreachExchange mailing list