healthcare · BleepingComputer
Abbott Laboratories is investigating two separate cybersecurity incidents. The company confirmed unauthorized access to legacy Exact Sciences systems within its Cancer Diagnostics business after the ShinyHunters extortion group listed Abbott on its data leak site and demanded negotiation by July 18 (later extended to July 21). ShinyHunters claims it compromised a Microsoft Entra SSO account via vishing attacks in mid-June, then exfiltrated data from Entra, ServiceNow, SharePoint, Databricks, and Coupa. The group alleges it stole millions of rows of customer PII, medical records, and doctor-patient notes, though these claims remain unverified. Abbott states the incident does not impact operations, manufacturing, or patient care, and does not expect material financial impact. A second incident involves threat actor ShadowByt3$, who claims to have breached Abbott's LabCentral customer portal using compromised credentials on July 4, exfiltrating product documentation and intellectual property but no customer data.
Healthcare providers and medtech manufacturers should note that SSO account compromise via social engineering remains a high-impact attack vector—ShinyHunters has specifically targeted Microsoft Entra, Okta, and Google accounts to pivot into connected SaaS platforms. For healthcare organizations subject to HIPAA, the alleged exfiltration of doctor-patient conversations and medical records represents a reportable breach triggering notification requirements. Defense contractors and medical-device makers handling sensitive technical specifications and regulatory documentation should assess their own SSO hygiene, API endpoint logging, and access controls to detect lateral movement similar to what both threat actors allegedly executed. An Omniware engagement can scope identity and access management controls, SaaS application logging, and incident detection posture in detail.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/abbott-laboratories-probes-two-cyber-incidents-amid-extortion-claims/
Source: BleepingComputer
All briefings