A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data.
It’s the second incident in the past year after LabCorp said in June that 7.7 million patients had been affected by a credit card data breach of a third-party payments processor. That breach also hit several other laboratory testing companies, including Quest Diagnostics.
This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a password, the part of the website designed to pull patient files from the back-end system was left exposed. That unprotected web address was visible to search engines and was later