Diagnostic laboratories must dig into where their suppliers source their items to avoid surprises
Clinical laboratories in the US are under additional financial and operational pressure because of tariff fluctuations from the federal government among global trading partners. This brief overview explores clinical lab tariff strategies that may help organizations better prepare for difficult stretches.
Across the overall laboratory industry—including diagnostics settings—average duties on imported lab equipment and consumables hover around 23%, with personal protective equipment, lab instruments, and supply chains facing even higher tariffs depending on their origin, according to a report from Lab Manager, a sibling brand to Dark Daily.
“Don’t assume that just because something is made in the United States that it will be tariff free because many of the components are not,” Drew Kevorkian, founder and CEO at ARES Scientific, told Lab Manager. ARES Scientific maintains a useful online tariff guide.
These nuances can escalate costs, complicate budgeting, and squeeze margins, all of which pose a risk to financial viability for clinical labs.
When it comes to clinical lab tariff strategies, the starting point is clear. “Assume costs are going up one way or another. The best thing to do is be well informed,” Drew Kevorkian, founder and CEO at ARES Scientific, told Lab Manager. (Photo copyright: Ares Scientific.)
Tariff-Influenced Areas for Clinical Labs to Consider
Managers and others who oversee budgeting or product procurement should think about the following aspects as they plan out their clinical lab tariff strategies:
Component audits. Labs should undertake an audit of their consumables down to the stock-keeping unit (SKU), which is an alphanumeric descriptor that identifies a product. The goal is to identify the source of the products to determine if they come from tariff-affected countries, Kevorkian noted. This exercise allows clinical lab professionals to forecast cost scenarios and make informed procurement decisions.
Reused lab instruments. Tariffs introduce an opportunity to think about acquiring certified refurbished lab equipment. Such items, often already in the US, can offer meaningful savings and avoid import duties, according to Lab Manager.
Investigate in vitro diagnostics (IVD) sourcing. Clinical labs should look into where their IVD suppliers get their components, according to The Dark Report. Even if a lab buys from American-based suppliers, the IVD companies a laboratory works with might have ties overseas that aren’t immediately obvious. “All IVD companies get components from China,” Rob LaCroix, executive director of global strategy at LTC LLC, told attendees at the 2025 Executive War College on Diagnostics, Clinical Laboratory, and Pathology Management. “Just-in-time [purchasing] with tariffs is a problem,” he noted.
Clinical Lab Tariff Strategies Should Model Various Budget Scenarios
Lab Manager suggested that laboratories build tiered budget models that consider various tariff scenarios:
Baseline case assumes stable tariffs (around 23% as noted earlier).
Worst case simulates escalation or new restrictions.
Optimistic case explores tariff relief or exemptions.
These forecast ranges enable clinical labs to develop contingency plans, such as temporarily reducing discretionary spending or exploring ways to pass on incremental costs.
Clinical laboratories and anatomic pathology groups should consider these cyberattacks on major healthcare entities as reminders that they should tighten their cybersecurity protections
Hackers continue to gain access to public health records—including clinical laboratory testing data—putting thousands of patients’ protected health information (PHI) at risk of being exposed. The latest important healthcare entity to become the victim of a ransomware attack is American Associated Pharmacies (AAP). According to The Register, AAP announced a ransomware operation called Embargo had stolen over 1.4 terabytes (TB) of data, encrypted those files, and demanded $1.3 million to decrypt the data.
Embargo claims that Scottsboro, Ala.-based AAP paid $1.3 million to have its systems restored. They are now demanding an additional $1.3 million to keep the stolen data private, the HIPAA Journal reported, adding, “The attack follows ransomware attacks on Memorial Hospital and Manor, an 80-bed community hospital and 107 long-term care facility in Georgia, and Weiser Memorial Hospital, a critical access hospital in Idaho.”
AAP has not publicly confirmed the ransomware attack, nor has it made an official statement regarding the breach. But it did post an “Important Notice” on its website reporting, “limited ordering capabilities for API Warehouse have been restored at APIRx.com.”
API Warehouse is a subsidiary of AAP that helps subscribers save on brand name and generic prescriptions via wholesale purchasing plans. It oversees more than 2,000 independent pharmacies across the US and has over 2,500 stock keeping units (SKUs) in its inventory.
The message further states “All user passwords associated with both APIRx.com and RxAAP.com have been reset, so existing credentials will no longer be valid to access the sites. Please click ‘forgot password’ on the log in screen and follow the prompts accordingly to reset your password.”
“Embargo seems to have international and multi-sector victims and is not focusing on a specific victim profile. They seem opportunistic,” Mike Hamilton (above), founder and chief information security officer (CISO) of cybersecurity firm Critical Insight, told HealthcareInfoSecurity. “However, as they do have multiple victims in healthcare, and their tooling to disable detection is sophisticated, they should not be discounted. If indeed they operate through affiliates, we can expect others to use their infrastructure and tools, and Embargo may emerge as a top threat to healthcare.” Since 80% of all medical records are made up of clinical laboratory testing data, laboratory patients are particularly vulnerable. (Photo copyright: Critical Insight.)
Embargo on the Hunt for PHI
Due to the large amount of data Embargo stole from the AAP servers, it’s likely the hackers were able to procure medical records and account details from all customers of the pharmacies involved in the attack.
Researchers at ESET, an internet security company, first noticed the ransomware organization known as Embargo in June of this year. In a news release, ESET stated that Embargo used an endpoint detection and response (EDR) killer toolkit to steal AAP’s data.
“Based on its modus operandi, Embargo seems to be a well-resourced group. It sets up its own infrastructure to communicate with victims. Moreover, the group pressures victims into paying by using double extortion: the operators exfiltrate victims’ sensitive data and threaten to publish it on a leak site, in addition to encrypting it,” ESET wrote in a news release.
Embargo recently attacked other organizations within the healthcare industry as well. In November, it claimed responsibility for breaching the security of Memorial Hospital and Manor in Bainbridge, Ga. The cyberattack affected Memorial’s email and electronic medical record (EHR) systems, which caused the facility to pivot to a paper-based system, The Cyber Express reported.
Embargo’s attack on Weiser Memorial Hospital in Weiser, Idaho, involved the theft of approximately 200 gigabytes (GB) of sensitive data and caused a four-week-long outage of its computer systems.
Other Cyberattacks on Healthcare Organizations
Dark Daily has covered many cyberattacks on hospital health systems in multiple ebriefs over the past few years.
Safeguarding patient data is critical, and more healthcare organizations are discovering the hard way that they are vulnerable to hackers. This situation serves as another reminder to clinical laboratory and pathology group managers that they need to be proactive and serious about protecting their information systems, and in upgrading their digital security at regular intervals.
Hackers are working hard to obtain access to protected health information, which puts patients at continuous risk of having their private records stolen.
