Skip to content
Data breachOngoing

Abbott investigates ShinyHunters extortion claim over breach of legacy Exact Sciences cancer-diagnostics systems

Abbott confirmed attackers gained access to a limited number of legacy Exact Sciences systems in its Cancer Diagnostics business after the ShinyHunters extortion group listed it on a leak site.

Victim
Abbott Laboratories

On 16 July 2026, Abbott Laboratories โ€” the Illinois-based global healthcare and medical-diagnostics giant โ€” confirmed that it was investigating a cyber incident after the ShinyHunters extortion group added the company to its data-leak site. In a public statement, Abbott said there had been unauthorized access to a limited number of internal legacy systems belonging to Exact Sciences, the cancer-screening firm behind Cologuard and Cancerguard that Abbott acquired in March 2026, within its Cancer Diagnostics business.

Abbott stressed that the intrusion was confined to the legacy Exact Sciences environment, which it described as separate from Abbott's own systems, and that there was no impact to other Abbott businesses, sites or systems. Critically, the company said the incident did not affect business operations, product availability, manufacturing, laboratory operations, or its ability to serve patients. Abbott said it had engaged leading third-party cybersecurity experts and law enforcement and was working to determine exactly what information had been accessed.

How the attackers say they got in

ShinyHunters told reporters that it had gained its foothold through a vishing (voice-phishing) campaign aimed at several Abbott employees in mid-June, which allowed it to compromise a Microsoft Entra single sign-on (SSO) account and pivot into internal systems โ€” a social-engineering playbook the group has used against other large enterprises through 2026. The extortion group initially threatened to publish allegedly stolen data after 18 July unless Abbott entered negotiations, later pushing the deadline to 21 July.

A second, separate claim

Complicating the picture, Abbott said it was simultaneously investigating a second, unrelated claim. A different threat actor operating as ShadowByt3$ told BleepingComputer that it had breached Abbott's Core Laboratory diagnostics business via the LabCentral customer portal, using compromised customer credentials to slowly exfiltrate files through API endpoints. As of the disclosures, neither group had publicly released any of the data they claimed to hold, and Abbott had not quantified how many records or individuals were involved. With two investigations open, extortion deadlines still live, and the scope of the accessed data unconfirmed, the incident's status remained ongoing.

Timeline

  1. The ShinyHunters extortion group lists Abbott-owned Exact Sciences on its data-leak site, threatening to publish allegedly stolen data after 18 July unless Abbott negotiates.

  2. Abbott issues a public statement confirming unauthorized access to a limited number of legacy Exact Sciences systems in its Cancer Diagnostics business, and says operations, product availability and patient care were unaffected.

  3. A separate actor, ShadowByt3$, claims it breached Abbott's Core Laboratory business through the LabCentral customer portal; Abbott says it is investigating both incidents.

  4. ShinyHunters extends its publication deadline to 21 July; no data claimed to be stolen has been publicly released.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/abbott-laboratories-probes-two-cyber-incidents-amid-extortion-claims/
  2. abbott.comhttps://www.abbott.com/en-us/corpnewsroom/diagnostics-testing/abbott-statement-on-cyber-incident-in-cancer-diagnostics-business.html
  3. medtechdive.comhttps://www.medtechdive.com/news/abbott-discloses-cyberattack-on-cancer-diagnostics-business/825529/
  4. finance.yahoo.comhttps://finance.yahoo.com/news/abbott-investigates-two-separate-cyber-230207985.html

Related incidents