LabCorp, the mammoth medical investigations company, is still recuperating from a major ransomware attack and, almost a week later, won’t reveal how the hackers got entry nor the number of servers that were hit.

On witnessing suspicious activity, officials advised LabCorp to shut down its network on Sunday. Repair efforts temporarily hampered test processes and customer access.

LabCorp’s spokesperson did not confirm or deny the involvement of SamSam even after repeated questioning on Friday. The official stuck to the official statement and wouldn’t say anything further when probed about the actual report.

However, a report from CSO, revealed that thousands of LabCorp’s servers were impacted by the attack, and the infamous SamSam variant was the culprit. SamSam is the very virus that forced the Allscripts platform shut for about a week in January and is famed for its recourse to brute force RDP attacks to breach a system and multiply.

Though LabCorp was able to swiftly control the attack, in the 50 minutes between spotting and correcting, the ransomware was able to encrypt 7,000 systems, 1,900 servers, 350 of which were production servers.

The report said officials confirmed that only Windows systems were damaged. The official statement further stresses that patient data remained intact, which the report claimed LabCorp confirmed through its management and traffic monitoring.