Abbott Laboratories Hit by Dual Cyber Incidents: ShinyHunters Targets Cancer Diagnostics, ShadowByt3$ Claims LabCentral Breach
**Abbott Laboratories** is currently navigating two distinct cybersecurity incidents. The notorious **ShinyHunters** extortion group claims a breach of internal legacy **Exact Sciences** systems within Abbott's Cancer Diagnostics business, while a separate threat actor, **ShadowByt3$**, alleges unauthorized access to the company's **LabCentral** customer portal.
Medical device and healthcare giant **Abbott Laboratories** is grappling with the fallout from two separate cybersecurity investigations. The company confirmed unauthorized access to internal systems within its Cancer Diagnostics business, while simultaneously probing claims of a breach affecting its **LabCentral** customer portal.
### ShinyHunters Targets Cancer Diagnostics
The first incident came to light after the **ShinyHunters** extortion gang added **Abbott** to its data leak site, threatening to publish allegedly stolen data unless a ransom was paid. **Abbott** has since confirmed the incident, stating that it involves "unauthorized access to a limited number of internal systems in our Cancer Diagnostics business only."

**Abbott** emphasized that the breach did not impact any other business operations, product availability, manufacturing, or its ability to serve patients. The company clarified that the affected legacy **Exact Sciences** systems are separate from **Abbott's** broader infrastructure.
Following the discovery, **Abbott** activated its incident response procedures, engaged cybersecurity experts, and notified law enforcement. The company does not anticipate a material impact on its business or financial results.
**ShinyHunters**, speaking to BleepingComputer, claimed to have gained access through a vishing attack targeting several **Abbott** employees in mid-June. This reportedly allowed them to compromise a **Microsoft Entra** single sign-on (SSO) account, subsequently granting access to internal systems.
The extortion group has a history of social engineering campaigns targeting **Microsoft Entra**, **Okta**, and **Google SSO** accounts. Once access to a corporate SSO account is established, **ShinyHunters** typically exfiltrates data from connected SaaS applications such as **Salesforce**, **Microsoft 365**, and **Google Workspace**.
**ShinyHunters** further claimed to have stolen internal documents, contracts, and customer information from **Microsoft Entra**, **ServiceNow**, **SharePoint**, **Databricks**, and **Coupa**. The group alleges the exfiltration of over 30 million rows of customer personally identifiable information (PII), including names, email addresses, phone numbers, physical addresses, dates of birth, and over a million Social Security numbers. Additionally, they claim to have stolen over 22 million client notes containing doctor-patient conversations, 20 million medical orders, and various customer agreements and NDAs. BleepingComputer has not independently verified these claims.
### Alleged Breach at LabCentral Customer Portal
The second incident involves a threat actor known as **ShadowByt3$**, who contacted BleepingComputer alleging a breach of **Abbott's** Core Laboratory diagnostics business via its **LabCentral** customer portal. **ShadowByt3$** claims to have exploited a "weak point" in the environment, gaining access on July 4, 2026, and slowly exfiltrating files by targeting API endpoints.
The group asserts that the stolen data includes CE manufacturing certificates, operation manuals, technical specifications, regulatory documentation, product requirement archives, calibrator value assignments, assay files, and other product documentation related to **Abbott's** laboratory diagnostic systems. While **ShadowByt3$** maintains no customer data was compromised, they claim to have obtained sensitive business documents and intellectual property.
**Abbott** acknowledged awareness of this "potential" cyber incident but disputed the nature of the data allegedly stolen. A company spokesperson stated that **LabCentral** is an "externally facing third-party hosted portal used by Abbott's core laboratory diagnostics business" which "houses publicly available technical product reference documents, including operating manuals, troubleshooting checklists and product specifications, and does not contain proprietary/sensitive customer or business information."
As of now, neither **ShinyHunters** nor **ShadowByt3$** has publicly released any data they claim to have stolen from **Abbott**.