LifeLabs has revealed that 15 million Canadians may have had their data leaked after a being hit with a cyber-attack in October. LifeLabs is a diagnostics testing company, the largest healthcare laboratory test company in Canada. In a recent blog post, they revealed that most of the victim were in Ontario and British Columbia.
The data was accessed by an unauthorized party and LifeLabs paid a ransom to retrieve their stolen data. They paid for the data in collaboration with cybersecurity experts who reportedly helped guide them through the process.
The data that was stolen includes names, addresses, emails, patient login passwords, date of birth, and health-card numbers. Additionally, a confirmed 85,000 customers’ lab test results were stolen.
The stolen data was largely from 2016 and earlier.
LifeLabs also reports taking several measures to protect their data, and more pressing, their customer’s data, in the future. This includes:
- Collaborating with cybersecurity experts to help secure their systems, isolate the threats, mitigate the risk, and identify exactly how large the data breach was.
- Finding ways to help improve their overall cybersecurity posture and strengthen their system to help reduce the risk of attack.
- Engaging with the police, whom LifeLabs states is currently investigating the breach.
- Offering cybersecurity protection to any costumers affected, including identity theft protection, dark web monitoring, and fraud protection insurance. This monitoring and protection will be free for one year.
Despite the paid ransom, there are no solid reports as to whether or not the hackers released or sold any customer information.
LifeLabs states in their customer notice that, “While you are entitled to file a complaint with the privacy commissioners, we have already notified them of this breach and they are investigating the matter. We have also notified our government partners.”
They conclude by pointing out that they indeed took steps over the last few years to secure their systems, though this recent breach “serves as a reminder” that they, and by extension all businesses, need to stay ahead of cyber-attacks by taking proactive steps to strengthen their cybersecurity defenses.