An aggravated shareholder sues the American testing giant- Labcorp. They only recently suffered two data breaches, and this has caused a massive devaluation in the firm’s shares.
Labcorp was one of over 24 companies in the infamous 2019 American Medical Collection Agency breach. Also under the span of a year, has suffered two data breaches.
In a breach that went unnoticed for a period of close to eight months, hackers compromised the systems of AMCA. They had access to the data of 7.7million Labcorp patients. In response to this, patients filed several lawsuits against AMCA and Labcorp.
In January 2020, the second data breach took place when a mishap in the configuration of a website ended with over 10,000 company files becoming public.
A shareholder, Raymond Eugenio, filed a suit against LabCorp in a bid to seek compensation for the share value losses. The said V.L was a resultant effect of the two cyberattack disruption.
The filing of the lawsuit in late April in the court of chancery of the state of Delaware. Eugenio declares that LabCorp had not disclosed to the general public the news about the 2020 breach. He also insisted that they did not mention it in any filing with the Securities and Exchange Commission.
Apparently, at the time of the news reporting by the press, the Health and Human Services Department didn’t list it on the reporting tool it controlled. It is, however, a requirement for all breaches of not secured health information directly affecting more than 500 individuals to be reported and listed publicly.
LabCorp’s cybersecurity efforts are deficient and futile by the petitioner, who attests that it is the company’s lack of implementation of adequate security defense that led to the data breaches.
The reaction of LabCorp to the breach and the remediation following the AMCA breach cut the company down by about 11.5million dollars. However, reviewing the chain of lawsuits against them, it is safe to assume that the amount mentioned earlier was nothing close to what they lost in litigation.
Eugenio asked not only for rectification for the impairment and disruption, but also demands that the company publicly acknowledge the second schism. He also seeks a complete overhaul of the inside processes in the company to prevent future cybersecurity risks.