Clinical and Pathology Laboratories Targeted by Ransomware Groups

Ransomware groups have carried out many attacks on medical labs recently. These attacks can lead to considerable disruption to laboratory screening services, causing delays in diagnosis and treatment. The ransomware attack on Synnovis last June 2024 led to substantial disruption to lab testing and blood services, resulting in extended blood shortages in southeast London for a couple of months. The attack on this UK-based pathology lab offering its services to National Health Service Trusts costs approximately £32.7 million or $38.18 million in 2024.

In May 2025, Molecular Testing Labs (CareNexa) in Washington and Marlboro-Chesterfield Pathology in North Carolina submitted data breach reports involving hacking incidents. The following have also reported data breaches: a life science testing laboratory in California, a diagnostic laboratory in New York, and a pathology laboratory in Kansas.

WPM Pathology Laboratory, Chartered, in Kansas, recently began sending notifications to 5,694 patients concerning a ransomware attack in November 2024. The lab detected unauthorized network access on November 4, 2024. Third-party cybersecurity experts helped to control the threat and make the network secure. On February 21, 2025, WPM Pathology confirmed the potential access to files that contain patients’ protected health information (PHI) by a threat actor. The affected PHI included names, birth dates, Social Security numbers,
diagnoses, medical record numbers, and medical insurance claims data.

WPM Pathology Laboratory began sending notification letters to the impacted persons on April 17, 2025, and submitted the breach report to the HHS’ Office for Civil Rights in May. The laboratory just published its substitute breach notice. The breach notification letters did not mention the involvement of ransomware, but it seems that the Fog ransomware group was behind the attack.

The ransomware group responsible for the Synnovis attack conducted an attack on another laboratory. Qilin ransomware group attacked Accu Reference Medical Lab in New York and listed the company on its data leak site last July 10, 2025. It claimed to have stolen sensitive information and uploaded proof of 12 screenshots. Some of the stolen data included patient data, such as clinical test results. There is no confirmation yet from Accu Reference Medical Lab about the attack and data breach. Accu Reference Medical Lab has encountered a ransomware attack in the past. In 2023, the Medusa ransomware group attacked Accu Reference Medical Lab and leaked the stolen information because the victim did not pay the ransom.

Life science testing company Pacific Biolabs in Hercules, CA, provides GMP/GLP lab testing services to assist the medical device, biotechnology, and pharmaceutical sectors. The company seems to have suffered a ransomware attack conducted by the Cicada3301 ransomware-as-a-service (RaaS) group. Cicada3301 says it extracted 900 GB of data during the attack, which is believed to have happened on or about July 10, 2025. Pacific Biolabs has not confirmed the attack.

About Christine Garcia 1235 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA