Abbott Investigates Two Cyber Incidents Following Extortion Claims

 

Two separate cybersecurity incidents are being investigated by Abbott Laboratories after threat actors reportedly gained access to the company’s systems and accessed sensitive information. While one incident has been linked to the ShinyHunters extortion group, the other involves claims of unauthorized access to Abbott’s LabCentral customer portal. The company said both incidents are being investigated, and operations have not been disrupted. 
Both incidents have not adversely affected Abbott’s business operations, manufacturing, laboratory services, product availability, or customer support. According to the company, the unauthorized access was restricted to systems that operate independently of Abbott’s core infrastructure within its Cancer Diagnostics business, with no impact reported across other business units or sites due to the unauthorized access discovered. 
Several legacy Exact Sciences systems were discovered to have been accessed unauthorizedly by Abbott’s Cancer Diagnostics business. As a consequence of the ShinyHunters extortion group listing the company on its data leak site, Abbott confirmed the breach, and threatened to publish allegedly stolen information if negotiations were not held. Exact Sciences is part of Abbott’s Cancer Diagnostics division, which the company acquired earlier this year for $21 billion. 
Aside from Abbott’s core systems, Exact Sciences’ legacy infrastructure operates separately, which limits the scope of the incident. According to Abbott, the incident is isolated to the Cancer Diagnostics division and has not affected manufacturing, laboratory operations, product availability, patient services, or any other Abbott business systems.
A notification was sent to law enforcement, the company activated its incident response procedures, and external cybersecurity experts were engaged. In addition, Abbott stated that the incident will not negatively affect its financial performance. In response to the incident, Abbott has not provided information regarding the type of information that was accessed, noting that its investigation is ongoing. 
The company claims to have gained initial access to a Microsoft Entra single sign-on (SSO) account by launching a voice phishing (vishing) attack targeting Abbott employees in mid-June.
A number of enterprise platforms, including Microsoft Entra, ServiceNow, SharePoint, Databricks, and Coupa, were accessed by the group, which alleges that internal documents, contracts, customer information, and millions of medical records containing personally identifiable information (PII) have been exfiltrated. 
These claims have not been independently verified, however.

Separately, a threat actor claiming the name ShadowByt3$ has been associated with the breach of Abbott’s Core Laboratory Diagnostics business by exploiting compromised customer credentials by accessing the LabCentral customer portal hosted by a third party. It has been claimed that the attacker has obtained technical documentation, manufacturing certificates, regulatory files, and other product-related information. 

LabCentral was investigated by Abbott, but the attacker’s claims were disputed, as the portal only contains publicly available technical reference materials such as operating manuals, troubleshooting guides, and product specifications. The company indicated that confidential business information and sensitive customer information are not included in the environment. 
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: