Canadian Lab Provider Hit With Ransomware Attack Potentially Impacting 15M Customers

Dec. 18, 2019

LifeLabs, a Canadian laboratory testing company, acknowledged this week that it paid cyber attackers to resolve a ransomware incident that involved unauthorized access to the organization’s computer systems.

In a privacy notice made public by LifeLabs, the organization’s president and CEO Charles Brown stated the provider recently identified a cyberattack that involved unauthorized access to its computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results—all data from 2016 or earlier.

The Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC) said that LifeLabs reported the breach to them on Nov. 1, and shortly thereafter, the organization confirmed more details about the attack.

LifeLabs said there was information connected with approximately 15 million customers on the computer systems that were potentially accessed in the breach.

Officials noted that they were able to retrieve the stolen data by making a payment, though they didn’t disclose how much they paid the hackers. “We did this in collaboration with experts familiar with cyberattacks and negotiations with cyber criminals,” the statement read.

LifeLabs is the largest provider of specialty laboratory testing services in Canada, compassing 16 laboratories, nearly 6,000 staff members and close to 400 located collection centers in B.C., Ontario and Saskatchewan.

The company noted that the vast majority of the impacted customers are in B.C. and Ontario, with relatively few customers in other locations. In the case of lab test results, its investigations have indicated that there are 85,000 impacted customers from 2016 or earlier located in Ontario.

Brown said in his statement, “I want to emphasize that at this time, our cybersecurity firms have advised that the risk to our customers in connection with this cyberattack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations.”

LifeLabs is offering cybersecurity protection services to its customers, such as identity theft and fraud protection insurance. In the meantime, the IPC and OIPC are undertaking a coordinated investigation into the attack.

“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected. This should serve as a reminder to all institutions, large and small, to be vigilant,” Brian Beamish, Information and Privacy Commissioner of Ontario, said in a statement. “Cyberattacks are growing criminal phenomena and perpetrators are becoming increasingly sophisticated. Public institutions and healthcare organizations are ultimately responsible for ensuring that any personal information in their custody and control is secure and protected at all times.”

Earlier this year in the U.S., Quest Diagnostics and LabCorp, two clinical laboratory providers, acknowledged that a billings collections vendor they work with suffered a data breach on its web payment system that may have exposed the information of about 20 million patients between the two lab organizations.

Sponsored Recommendations

Patient Engagement and ML/AI – Modern Interoperability as an enabler for value based care

Discover how modern interoperability empowers patient engagement and leverages ML/AI for better outcomes in value-based care. Join us on June 18th to learn how seamless data integration...

New Research: The State of Healthcare Cloud Security and Compliance Posture

Compliance & Security Debt Awareness Could Have Prevented Change Healthcare & Ascension Healthcare Breaches

Telehealth: Moving Forward Into the Future

Register now to explore two insightful sessions that delve into the transformative potential of telehealth and virtual care management solutions.

Telehealth: Moving Forward Into the Future

Register now to explore two insightful sessions that delve into the transformative potential of telehealth and virtual care management solutions.