Abbott Laboratories is currently investigating two distinct cybersecurity incidents involving unauthorized access to internal systems. The company confirmed a breach of legacy Exact Sciences systems within its Cancer Diagnostics business after the ShinyHunters extortion group claimed to have accessed the data. Separately, Abbott is reviewing a claim by a threat actor known as ShadowByt3$ regarding unauthorized access to its LabCentral customer portal.
Confirmed Breach of Cancer Diagnostics Systems
Abbott Laboratories has officially confirmed that unauthorized parties gained access to a limited number of internal systems belonging to its Cancer Diagnostics business unit. The company stated that these compromised systems are legacy assets from its Exact Sciences acquisition and remain segmented from the broader Abbott corporate infrastructure.
According to a statement on the company’s website, the incident does not impact business operations, product availability, or patient-facing lab services. Abbott has engaged cybersecurity experts and notified law enforcement to address the breach. The company noted that it does not expect the incident to have a material impact on its financial results.
The ShinyHunters extortion group claimed responsibility for the intrusion, alleging that a vishing attack targeting Abbott employees in mid-June allowed them to compromise a Microsoft Entra single sign-on (SSO) account. The group has listed Abbott on its data leak site, initially setting a deadline for negotiation before extending it to July 21. ShinyHunters claims to have exfiltrated internal documents, contracts, and customer information, though Abbott has not verified these specific claims.
LabCentral Portal Security Inquiry
A second incident involves the LabCentral customer portal, which is used by Abbott’s Core Laboratory diagnostics business. A threat actor identifying as ShadowByt3$ contacted BleepingComputer, claiming to have breached the portal on July 4, 2026, by exploiting a "weak point" in the environment to gain access via compromised customer credentials.
Abbott has acknowledged it is aware of the "potential" incident but disputes the claims made by the threat actor regarding the nature of the data. An Abbott spokesperson told BleepingComputer that the LabCentral portal is an externally facing, third-party hosted site containing only publicly available technical documentation, such as operating manuals, troubleshooting checklists, and product specifications. The company maintains that the portal does not house proprietary or sensitive customer information.
Cybersecurity Context and Industry Trends
The targeting of Abbott follows a pattern of extortion gangs focusing on medical technology companies. ShinyHunters has been linked to previous campaigns targeting organizations such as Medtronic, OneMedical, AdaptHealth, and iRhythm. These groups frequently utilize social engineering tactics, including the compromise of SSO accounts like Microsoft Entra, Okta, and Google, to pivot into connected SaaS applications.
As of the latest reports, neither ShinyHunters nor ShadowByt3$ has publicly released the data they claim to have stolen. Abbott continues to monitor both situations through its incident response procedures.
Summary of Reported Incidents
| Incident Source | Affected System | Status | Company Position |
|---|---|---|---|
| ShinyHunters | Legacy Exact Sciences (Cancer Diagnostics) | Under Investigation | Confirmed limited unauthorized access; no impact on operations. |
| ShadowByt3$ | LabCentral Customer Portal | Under Investigation | Disputes claims; states data in portal is public information. |
Key Takeaways:
- Segmented Infrastructure: Abbott reports that the compromised Cancer Diagnostics systems are legacy assets and are not integrated with the company’s primary operational systems.
- Threat Actor Tactics: The incidents highlight the ongoing risk of social engineering and vishing attacks aimed at gaining unauthorized entry to corporate SSO environments.
- Data Sensitivity: While threat actors claim to have obtained sensitive PII and intellectual property, Abbott has disputed the severity of these claims, specifically regarding the public nature of the documents hosted on its LabCentral portal.