Abbott investigates two cyber incidents as extortion groups make breach claims
Abbott Laboratories is examining two separate cybersecurity incidents involving different parts of its business, including unauthorized access affecting legacy systems associated with its Cancer Diagn...
Abbott Laboratories is examining two separate cybersecurity incidents involving different parts of its business, including unauthorized access affecting legacy systems associated with its Cancer Diagnostics operations and an alleged intrusion into an externally hosted customer portal.
The company began investigating the first incident after the ShinyHunters extortion group listed Abbott’s Exact Sciences business on its leak site. The group initially set a July 18 deadline for negotiations and later moved it to July 21. Abbott said unauthorized access was limited to a small number of internal systems in the Cancer Diagnostics business.
According to Abbott, the incident has not disrupted operations, manufacturing, laboratory activity, product availability or patient services. The company said other Abbott businesses and systems were not affected, and that the legacy Exact Sciences environment is separated from the rest of the organization. Abbott has activated its incident response process, hired outside cybersecurity specialists and notified law enforcement. It does not currently expect a material effect on its financial results.
ShinyHunters told reporters that it used voice-based social engineering against several employees to compromise a Microsoft Entra single sign-on account. The group alleged that it accessed multiple corporate platforms and took documents, contracts and customer-related information. It also claimed to have obtained large datasets containing personal information, medical records and business documents. Those allegations have not been independently confirmed, and the group has not publicly released the purported data.
Separate LabCentral allegation
A second threat actor, known as ShadowByt3$, claimed to have entered Abbott’s Core Laboratory diagnostics environment through the LabCentral customer portal using compromised credentials. The actor said it accessed the portal on July 4 and extracted files through application programming interfaces.
The alleged materials include product manuals, regulatory records, manufacturing certificates, technical specifications and other documentation. ShadowByt3$ supplied screenshots and a file listing as purported evidence, while stating that customer information was not taken.
Abbott acknowledged awareness of the potential incident but disputed the characterization of the data. It said LabCentral is a third-party-hosted, externally accessible portal containing publicly available technical reference material, and that the environment does not hold sensitive customer or proprietary business information.
Neither group had published the data they claimed to possess at the time of reporting. Abbott’s investigations will need to establish whether information was accessed or removed and whether either event presents risks beyond the affected systems.
