Canadian Lab Provider Hit With Ransomware Attack Potentially Impacting 15M Customers

Dec. 18, 2019

LifeLabs, a Canadian laboratory testing company, acknowledged this week that it paid cyber attackers to resolve a ransomware incident that involved unauthorized access to the organization’s computer systems.

In a privacy notice made public by LifeLabs, the organization’s president and CEO Charles Brown stated the provider recently identified a cyberattack that involved unauthorized access to its computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results—all data from 2016 or earlier.

The Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC) said that LifeLabs reported the breach to them on Nov. 1, and shortly thereafter, the organization confirmed more details about the attack.

LifeLabs said there was information connected with approximately 15 million customers on the computer systems that were potentially accessed in the breach.

Officials noted that they were able to retrieve the stolen data by making a payment, though they didn’t disclose how much they paid the hackers. “We did this in collaboration with experts familiar with cyberattacks and negotiations with cyber criminals,” the statement read.

LifeLabs is the largest provider of specialty laboratory testing services in Canada, compassing 16 laboratories, nearly 6,000 staff members and close to 400 located collection centers in B.C., Ontario and Saskatchewan.

The company noted that the vast majority of the impacted customers are in B.C. and Ontario, with relatively few customers in other locations. In the case of lab test results, its investigations have indicated that there are 85,000 impacted customers from 2016 or earlier located in Ontario.

Brown said in his statement, “I want to emphasize that at this time, our cybersecurity firms have advised that the risk to our customers in connection with this cyberattack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations.”

LifeLabs is offering cybersecurity protection services to its customers, such as identity theft and fraud protection insurance. In the meantime, the IPC and OIPC are undertaking a coordinated investigation into the attack.

“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected. This should serve as a reminder to all institutions, large and small, to be vigilant,” Brian Beamish, Information and Privacy Commissioner of Ontario, said in a statement. “Cyberattacks are growing criminal phenomena and perpetrators are becoming increasingly sophisticated. Public institutions and healthcare organizations are ultimately responsible for ensuring that any personal information in their custody and control is secure and protected at all times.”

Earlier this year in the U.S., Quest Diagnostics and LabCorp, two clinical laboratory providers, acknowledged that a billings collections vendor they work with suffered a data breach on its web payment system that may have exposed the information of about 20 million patients between the two lab organizations.

Sponsored Recommendations

2024's Healthcare Buyer Journey: New Research and Insights

Join us on April 30th for a webinar unveiling insights from the latest study on the Healthcare IT Buying Journey! Discover evolving challenges, effective health data management...

Improving care with AI-powered solutions

Don't miss our April 23rd webinar delving into the transformative impact of AI-powered solutions on healthcare. Join industry leaders Reid Conant and Dr. Patrick McGill as they...

Shield your health system against cyber threats

You won't want to miss out on this imperative April 4th webinar about how you can protect your healthcare organization. Join us to learn how to fortify your health system against...

Healthcare Trends 2024: Trends & Strategies for Future Success

Explore the future of healthcare in 2024 with insights from the Healthcare Industry Trends Report. Stay ahead of the curve as we delve into the latest industry developments and...