Medical giant Abbott investigates two cyber incidents as ShinyHunters claims breach
One threat actor claims patient data. Another says it stole technical secrets.

Via Shutterstock
- Abbott is investigating two apparently unrelated cyber incidents involving its Cancer Diagnostics business and LabCentral portal.
- ShinyHunters claims it stole medical, customer, and business data after compromising an Abbott employee sign-on account.
- A separate group, ShadowByt3$, claims it accessed LabCentral documents, but Abbott says the portal holds public reference materials.
- Abbott says neither incident has affected customers, operations, or finances, and no claimed stolen data has been released.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
American healthcare giant Abbott Laboratories is investigating two cyber incidents that appear to be unrelated: one involving its Cancer Diagnostics business and another affecting its LabCentral portal.
Although unrelated, the two disclosures came within days of each other.
On July 16th, Abbott said it was investigating an incident involving unauthorized access to a limited number of internal systems in its Cancer Diagnostics business.
The company claimed that no other business, products, or operations were affected by the Cancer Diagnostics incident.
Abbott added that the legacy Exact Sciences systems, inherited when the company acquired Exact Sciences' cancer diagnostics business, are separate from its own systems and were therefore not impacted.
The ShinyHunters gang posted Abbott on its data leak site, threatening to publish the allegedly stolen data on July 18th unless Abbott negotiated with the group, although the deadline was later postponed to July 21st.
ShinyHunters told BleepingComputer that it gained access via a vishing attack targeting several Abbott employees in mid-June. During the attack, the gang compromised a corporate Microsoft Entra single sign-on (SSO) account and stole data from connected applications.
The gang claimed the stolen data includes internal documents, contracts, customer information, more than 22 million doctor-patient notes containing conversations, over 20 million medical orders, customer agreements, and NDAs.
According to the hacking group, the customer data also contains names, email addresses, phone numbers, physical addresses, dates of birth, as well as more than one million Social Security numbers.
Abbott said it does not expect any material impact on the business or financial results from that incident.
Separately, another threat actor has claimed to have breached Abbott's LabCentral portal, which is a customer portal for core laboratory diagnostics. The ShadowByt3$ hacking gang told BleepingComputer that it gained access on July 4th using compromised customer credentials and a "weak point" in the environment.
The group claims it exfiltrated sensitive technical documentation related to Abbott's laboratory diagnostic systems, including manufacturing certificates, operation manuals, technical specifications, and regulatory documents.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
ShadowByt3$ says no customer data was stolen, but claims to have obtained confidential business documents and intellectual property.
Abbott said, however, that there had been no impact on its businesses or customers.
A company spokesperson told BleepingComputer that LabCentral is an externally facing third-party hosted portal, which “houses publicly available technical product reference documents” and “does not contain proprietary/sensitive customer or business information”.
Abbott Laboratories holds the 107th spot on the Fortune 500 list, generating more than $44.3 billion in annual revenue.
As of now, neither group has released the data it claims to have stolen from Abbott.