A wave of ransomware attacks has disrupted lab operations and exposed sensitive health data across multiple states.
Several medical and diagnostic laboratories have been hit by ransomware in recent months, causing service outages and data breaches. Recent incidents include attacks on WPM Pathology Laboratory in Kansas, Accu Reference Medical Lab in New York, and Pacific Biolabs in California. These follow earlier attacks in May on Marlboro-Chesterfield Pathology in North Carolina and Molecular Testing Labs in Washington.
The attacks have led to delayed diagnoses, potential patient harm, and the exposure of protected health information. One of the most impactful attacks remains the June 2024 breach of UK-based Synnovis, which disrupted NHS blood testing services and cost over $38 million.
WPM Pathology detected unauthorized access to its systems on November 4, 2024. The breach involved sensitive patient data, including names, birth dates, medical record numbers, and Social Security numbers. Although its public notice did not explicitly mention ransomware, the attack has been linked to the Fog ransomware group.
Accu Reference Medical Lab in New York appears to have been targeted by the Qilin ransomware group, which claims to have exfiltrated patient data and posted screenshots as proof. The lab has not yet confirmed the incident. Notably, this is the second known ransomware event involving Accu Reference. In 2023, it was attacked by the Medusa group, which leaked stolen data after its ransom demand went unmet.
Pacific Biolabs, a California-based life sciences lab supporting pharmaceutical and biotech testing, is reportedly the latest victim. The Cicada3301 ransomware group claims responsibility and alleges it stole 900 GB of data around July 10, 2025. The lab has not confirmed the breach.
Public statements from the labs remain limited. WPM Pathology confirmed the scope of affected patient data and has begun notifying individuals. Accu Reference and Pacific Biolabs have not issued public responses. Instead, the claims, data samples, and breach timelines have been released by the ransomware groups themselves via leak sites.
Health cybersecurity experts warn that pathology and diagnostic labs are attractive targets due to the volume of sensitive data and the nature of their services, which can pressure victims into paying ransoms quickly.
According to the American Hospital Association, “Ransomware and other cyber attacks on hospitals have evolved. The crime itself has changed from one that is financially motivated to an act that also represents a threat to life that endangers public health. The defenses and strategies to protect against these threats, and the enforcement actions taken to punish the attackers, need to change too. Leveraging the entire law enforcement, intelligence and military capabilities of the U.S. government is necessary to achieve swift and certain consequences against these attackers. This may be the only way to effectively deter and disrupt these foreign adversaries that threaten our hospitals and communities.”
Labs store sensitive medical data and provide essential diagnostic services. This makes them high-value targets, as any service disruption can pressure them to pay ransoms quickly.
Fog is a lesser-known ransomware group linked to attacks involving data encryption and extortion, often leaving minimal public traces beyond affected systems and claimed responsibility.
Ransomware-as-a-service (RaaS) groups provide ready-made ransomware tools to affiliates, who carry out attacks in exchange for a share of ransom payments, enabling broader and faster spread of ransomware campaigns.
Attackers usually steal data before encrypting systems. If ransom demands are unmet, they often post data samples or full files on leak sites to increase pressure or prove the breach.
HIPAA-regulated labs must report breaches involving protected health information to HHS if over 500 individuals are affected. However, confirmation and public statements may be delayed depending on investigations and legal guidance.