- Cybersecurity Fundamental Training
- Ethical Hacker Fundamental Training
- Cyber Security Specialist
- Cyber Crisis Management
- CISA Training
- CISM Training
- CRISC Training
- CISSP Training
- CCSP Training
- CGRC Training
- All Courses
- Team Training
- Global Cyber Conference
- About the Institute
Lessons Learned: LifeLabs Data Breach Case Study
This is the third blog post of our blog series on the topic of Lessons Learned. In our first article, we had a look at the BlackRock data breach and in our second article, we shed light on Earl Enterprises Data Breach . This blog post is intended to assist health care practices in reevaluating their existent health information security policies.
Table of Contents
What did happen?
In November of 2019, LifeLabs notified the Office of the Information and Privacy Commissioner of Ontario of a potential cyber attack on their computer systems. A month later, the organization publicly confirmed that they were the subject of a cyber attack on their systems.
LifeLabs is a Canadian-owned company that has been serving the healthcare needs of Canadians for nearly five decades. It has 16 laboratories and over 5700 professionally trained staff members. Almost half of Canada’s total population has had some sort of testing carried out by the company as part of their routine health care.
As a matter of fact, the breach in question is known to be the largest to date in Canada and the first to include sensitive health data gathered by a major laboratory. A joint investigation executed by information and privacy commissioners in both British Columbia and Ontario has since discovered the company failed to allocate adequate safeguard activities and technology security policies to protect that personal information and also accumulated more personal health data than was necessary .
Since the incident, LifeLabs employed a third-party professional services firm to assess its cyberattack response and efficiency of its security program, as it continues to engage external cyber security teams to surveil the dark web and other online information regarding the data breach.
What was the result?
The personal information of about 15 million Canadians was extracted by cybercriminals, mainly residents of British Columbia and Ontario. This information included names, addresses, emails, date of birth, national health card numbers from 2016, and earlier. Customer login IDs and passwords appear to have also been exfiltrated in the breach.
In the public statement, LifeLabs stated that they made some sort of payment to regain the stolen information. The company did not reveal detailed information on the nature of the attack, so it lived Canadians doubtful about the current level of risk to their personal information.
There were three proposed class-action lawsuits in response to the LifeLabs data breach. The largest of these was seeking 1.13 billion US dollars in damages plus an added 10 million US dollars in punitive penalties. The suit described here claimed that the LifeLabs data breach was a result of a failure of sufficient cyber security safety controls, hence the company infringed its own privacy policy in allowing it to occur.
Key takeaways for your businesses
There are a number of characteristics that make the healthcare industry an ideal target for cybercriminals. For example, crippling IT systems is relatively easier than in other leading sectors because of insufficient investment in IT security within the healthcare sector.
On the other hand, healthcare is known as the industry where employees are the predominant threat actors in data breaches. What we see is that healthcare organizations find themselves under cyber attacks from numerous vectors, including ransomware, malware, or targeted attacks.
Organizations responsible for collecting and storing sensitive information, like healthcare records, should have heightened security protocols in place to protect the information, and to minimize the risk of having it compromised by intruders. Cyber attacks impair the ability of a healthcare provider to function properly.
The first takeaway is to create a security culture in the first place. In other words, it is important to establish a security-minded educational culture that makes good practices become automatic. That should be followed by conducting information security education on an ongoing basis. The second takeaway would be planning for the unexpected. Life does not always follow a script so get ready for what is coming next. Planning for the unexpected include creating regular and reliable data backups, protecting backup media with access controls, and testing backup media regularly for the ability to appropriately restore data. Last but not least, have a sound recovery plan: know what data was backed up, when the backup was done, and where backups are stored.
Looking for more insights like this?
Data breaches are unfortunately prevalent in every industry. Organizations must build a strong security management program and educate their workforce. We kindly invite you to check our Cyber Security Specialist training with Swiss Federal Diploma . For more information, download the brochure .
You may find interesting
Ai integration in education: a joint study with the university of jyväskylä, global cyber conference in the cybersecurity special, top 7 cybersecurity skills every company must have in 2024, recent posts, swiss cyber institute recognized as accredited training organization for isaca cisa, cism and crisc, hacking – using “bad” for good in cybersecurity , swiss cyber institute is now the official training preferred partner of isc2 , guide to financing your cyber security specialist training with swiss federal diploma, where cybersecurity leaders meet: 4 networking events at the global cyber conference 2024, three new isaca courses at the swiss cyber institute, master your most critical enterprise cyber risks, global cyber conference 2024 with swiss ciso awards, the fallacy of the ciso: why “chief insecurity officer” is more apt, modal title.
LifeLabs data breach: Hackers could still hold health records of 15M Canadians
Assistant Professor, Criminology, Simon Fraser University
Disclosure statement
Richard Frank does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Simon Fraser University provides funding as a member of The Conversation CA.
Simon Fraser University provides funding as a member of The Conversation CA-FR.
View all partners
LifeLabs — Canada’s major provider of lab diagnostics and testing services — announced on Dec. 17 that hackers had potentially accessed computer systems with data from “approximately 15 million customers” that “could include name, address, email, login, passwords, date of birth, health card number and lab test results.”
As a Canadian citizen whose data and whose family’s data is probably among the 15 million records stolen, my first thought is about the implications of this breach.
Data marketplaces
At the International CyberCrime Research Centre in the School of Criminology at Simon Fraser University , we’ve been studying online hacker communities for about seven years and the Dark Web for the past four years. The Dark Web, with its large number of marketplaces called cryptomarkets (think eBay for drugs and stolen data), is a fascinating place where all sorts of products, data and services are made available for purchase. Payments are made using anonymous (mostly) untraceable digital currencies . I would expect parts of LifeLab’s database to eventually end up in a marketplace like that.
So how did this happen? Details of the hack have not been revealed due to the ongoing investigation, but hopefully we will eventually learn the specifics. According to the Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC), “ cyber criminals penetrated the company’s systems, extracting data and demanding a ransom ,” which LifeLabs paid .
This points to a likely ransomware attack, where the attacker encrypts the data on a computer system and makes it inaccessible. Unless a backup of the data exists, the only way to recover the data is by paying the attacker a ransom, who sends the victim the decryption keys to unlock the data. Most of these ransomware attacks use encryption so strong that even security firms cannot unlock the files, which has led to a new type of business where consultants help ransomware victims negotiate and pay the ransom .
Read more: Cybersecurity: high costs for companies
In most ransomware cases the data remains on the victim’s computer, but its access is revoked through strong encryption. This implies that the attackers do not actually have a copy of the data and thus the chances for future revictimization remain low. However, the language of the OIPC indicates that in this case, the data were “extracted.” This puts a new twist on the story.
Holding data hostage
Ransomware attackers sometimes do use ransomware — software that threatens to block access or publish data — that not only locks files, preventing the victim from doing anything, but also leaks the files back to the attackers. This allows the attackers to potentially extort more money from the victim, as happened a few weeks ago to Allied Universal , a security firm in California. That seems to be the case with LifeLabs.
If this is true, then our data is out there, in the hands of cybercriminals, and will remain out there. LifeLabs has stated that they have “retrieved the data by making a payment,” but if the cybercriminals already have a copy, then retrieving it will not suddenly disallow the attackers from further using that data.
Did LifeLabs not have a proper backup and recovery procedures in place so it could recover from this failure without having to resort to paying a ransom?
Customer protection
The likely scenario is that LifeLabs fell victim to a ransomware attack, possibly sparked by a phishing email with a malicious link or attachment, which resulted in up to 15 million customers’ information ( our information, not LifeLabs’) being extracted to the attackers. LifeLabs paid the ransom to regain access to the data and continue business.
What can we, as customers, do? Unfortunately, not much.
The data theft is beyond our control. Periodically we must do business with third-parties that require our personal information and we have no choice but to hand it over. Implicit in this transaction is that the other party (LifeLabs, for example) will protect that data. The only available option we have as customers is to be vigilant of our personal information, including financial and health details; but this is after the data theft.
We must check our credit card statements, our credit histories, our insurance claims. We must not use the same password in multiple places and should use two-factor authentication whenever possible.
Read more: It's time we demanded the protection of our personal data
Potentially the best way to prevent future breaches would be to incentivize organizations that collect our personal details to secure them properly. This could be done by changes to the legislation, like in the European Union and its new General Data Protection Regulation (GDPR) introduced in 2018.
In August 2018, the British Airways website was breached and 500,000 customer details stolen. The United Kingdom’s Information Commissioner’s Office handed down a fine of £183 million (approximately $321 million) , based on a new U.K. law designed to mirror the EU’s GDPR. With penalties like that, third-party organizations would have no choice but to take data security seriously, rather than as an operational cost.
[ Expertise in your inbox. Sign up for The Conversation’s newsletter and get a digest of academic takes on today’s news, every day. ]
- Health data
- Data breaches
- Health databases
- Digital health data
Compliance Lead
Lecturer / Senior Lecturer - Marketing
Assistant Editor - 1 year cadetship
Executive Dean, Faculty of Health
Lecturer/Senior Lecturer, Earth System Science (School of Science)
- Where to Find Us
- Submit News Tip
- Advertise With Us
- Newsletters
- News Insiders
LifeLabs class-action lawsuit payout coming for over 900,000 Canadians
By Charlie Carey
Posted May 14, 2024 10:21 am.
Canadians affected by the massive 2019 cyberattack on LifeLabs are finally getting their money following a class-action lawsuit.
The 901,544 claimants across the country will receive $7.86.
KPMG, acting on behalf of the plaintiffs, says the payout amount is low because so many people filed claims. The initial payout was expected to be up to $150.
LifeLabs settled the suit for just under $10 million last fall. The original statement of claim filed five years ago accused the medical testing company of negligence, breach of contract, and violating their customers’ confidence as well as privacy and consumer protection laws.
- B.C. health minister wants to see LifeLabs report, supports fines
- LifeLabs breach ‘potential watershed moment’: cyber security expert
- LifeLabs facing proposed class action over data breach affecting up to 15M clients
- LifeLabs failed to reasonably protect health information of millions of Canadians: report
- LifeLabs reveals data breach, pays ransom to secure personal info of 15M people
- LifeLabs told B.C. gov’t about breach in October: health minister
The plaintiffs allege LifeLabs “failed to implement adequate measures and controls to detect and respond swiftly to threats and risks to the Personal Information and health records of the class members,” in violation of the company’s own privacy policy.
LifeLabs had previously said the data hack affected up to 15 million customers, almost all of them in Ontario and British Columbia. The compromised database included health card numbers, names, email addresses, logins, passwords, and dates of birth, but it was unclear how many files were accessed.
The lab results of 85,000 customers in Ontario were also obtained by the hackers, the company said.
In 2019, LifeLabs chief executive Charles Brown apologized for the breach, which led the company to pay a ransom to retrieve the data.
Top Stories
Simon Fraser University (SFU) plans to cut English and translation programs because of rising costs, shocking its teachers and their union.
BC Conservative Leader, John Rustad dismissed rumours of a potential merger between his party and Kevin Falcon's BC United in a lengthy, now deleted post to social media.
Chief Robert Michell says relief isn't the right word to describe his reaction as the search begins for unmarked graves at the site of a former residential school in northern B.C.
A fourth man accused in the murder of B.C. Sikh activist Hardeep Singh Nijjar will also appear at provincial court on May 21.
Most Watched Today
The Coquitlam RCMP is sharing video of an incident where a drive-thru worker was spit on by a customer -- seeking the suspect as part of an assault investigation.
Strong not only placed first but they also walk away with one-million-dollars, the largest cash price in Canadian television history.
The Vancouver Canuck's woke up in the third period of Tuesday night's game, only to come up short in the last minute. The Canucks lost 3-2 to Edmonton, but fans are looking to the next game. Monika Gul has more.
Evan Bouchard scored the game-winning goal with 39 seconds remaining after Dakota Joshua tied it up less than a minute earlier as the Edmonton Oilers outlasted the Vancouver Canucks in a thriller 3-2, to even up their second-round series at 2-2.
Tension rising at UBC after a group barricaded the campus bookstore over the weekend. As Angela Bower reports, the university says all options to deal with protesters are now on the table.
LifeLabs pays hackers to recover data of 15 million customers
- 10 dangerous app vulnerabilities to watch out for (free PDF)
LifeLabs , Canada's leading provider of laboratory diagnostics and testing services, admitted today to paying hackers to retrieve data stolen during a security breach last month.
"We did this [paying the hackers] in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals," the company said today in a press release .
It is unclear how much the company paid to recover its data. A LifeLabs spokesperson was not immediately available for comment when reached out via phone call.
According to documents filed with the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia , the security breach occurred last month, around November 1.
LifeLabs said the hackers breached its systems, extracted customer data, and then demanded a ransom to give the company back its data.
According to LifeLabs, the hackers took information on over 15 million customers. The type of personal data stolen by the attackers included names, home addresses, email addresses, usernames, passwords, and health card numbers.
For 85,000 customers medical test results were also included.
The stolen data was dated 2016, and earlier, LifeLabs said.
The Canadian company said it's currently working with law enforcement on an investigation into the hack.
It also said it patched its system for the entry point hackers used to breach its servers.
"I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations," said Charles Brown, LifeLabs President and CEO.
For impacted users, additional information is available in a security notice on LifeLabs' website.
Cryptocurrency cyberattacks and breaches of 2019 (in pictures)
Hacker claims to have stolen dell customer data, twice. here's how to protect yourself, security researchers say this scary exploit could render all vpns useless, how we test vpns in 2024.
15 Million Affected by LifeLabs Data Breach
LifeLabs, a Canadian based healthcare organization, was the victim of a cyberattack in November 2019. After an investigation conducted by Ontario and British Columbia Information and Privacy Commissioners, it was found that the LifeLabs data breach was the result of inadequate security policies and safeguards.
Is your organization secure?
Find out now with our hipaa compliance checklist., lifelabs data breach: what happened.
November 1, 2019 – LifeLabs data breach was discovered, affecting 15 million patients, the second-largest healthcare breach reported in 2019. Hackers infiltrated LifeLabs computer systems, risking patients’ protected health information (PHI). Data that may have been exposed in the hack include health card information, patients’ lab results, emails, contact details, login information, and dates of birth.
Following the attack, LifeLabs worked with cybersecurity experts to negotiate the return of the stolen data. To regain access to its patients’ data, LifeLabs paid hackers to return the stolen files.
December 2019 – LifeLabs notified patients that their sensitive information may have been compromised. Soon after the notification , patients filed multiple lawsuits claiming that LifeLabs was negligent since it failed to protect their data. The lawsuits also claim that LifeLabs violated privacy and consumer protection laws when it failed to implement adequate security safeguards. The filed lawsuits are asking for $1.1 billion to compensate the victims of the LifeLabs data breach.
LifeLabs Data Breach: Improving Security
Following the healthcare breach, LifeLabs was required to implement security measures to ensure that an attack of this nature doesn’t occur again.
These measures include:
◈ Appointing a Chief Information Security Officer
◈ Third-party Cyberattack Evaluation
◈ Cybercrime Detection Technology
◈ Employee Training
◈ Implementing Security Policies and Procedures
In addition to these security measures, the commissioners ordered LifeLabs to cease collecting data, and to dispose of previously collected data in a secure fashion. LifeLabs must also improve their notification processes.
“This breach should serve as a reminder to organizations, big and small, that they have a duty to be vigilant against these types of attacks,” Brian Beamish, Information and Privacy Commissioner of Ontario , said in a statement. “I look forward to providing the public, and particularly those who were affected by the breach, with the full details of our investigation.”
Prevent HIPAA Breaches
Don’t fall victim to breaches. protect your business by becoming compliant today, don't forget to share this post, related posts.
CIS 18 Certification and Implementation
HHS Issues a Final Rule to Support Reproductive Healthcare Privacy
Internet of Things in Healthcare Interoperability and Security Issues
Our product.
Featured Case Studies
From our blog, get in touch.
© 2024 Compliancy Group LLC. All Rights Reserved | Terms of Use | Privacy Policy
LifeLabs class action payments start flowing to more than 900,000 claimants
A 2019 data breach allowed hackers to access the personal information of up to 15 million Lifelabs customers. DARRYL DYCK/The Canadian Press
Canadians who applied to be part of a class-action lawsuit against LifeLabs Inc. are now receiving cheques and e-transfers.
KPMG, which is administering the claims, says on the class action website that more than 900,000 valid claims were received.
Given the large number of valid claims, KPMG says claimants will receive an e-transfer of $7.86. Those receiving a cheque will get $5.86, after deducting a $2 processing fee.
The class action was launched against LifeLabs after a 2019 data breach allowed hackers to access the personal information of up to 15 million customers.
An Ontario court approved a total Canada-wide settlement of up to $9.8-million.
LifeLabs has said most of the affected customers were in Ontario and British Columbia.
In 2020, the B.C. and Ontario privacy commissioners ordered LifeLabs to improve how it safeguards personal health information, and to collect less of it from customers.
The payments are significantly smaller than what many claimants had been expecting.
When the class action settlement was approved last fall, potential claimants were told they would be eligible to receive about $50, up to a maximum of $150, though legal fees and taxes would be deducted. The precise amount, however, would be determined based on how many claims were filed.
Report an editorial error
Report a technical issue
Follow related authors and topics
- Banking Follow You must be logged in to follow. Log In Create free account
- KPMG Follow You must be logged in to follow. Log In Create free account
Authors and topics you follow will be added to your personal news feed in Following .
Interact with The Globe
.
Advertisement
'We're sorry': 15M LifeLabs customers may have had data breached in cyberattack
Jeremiah Rodriguez CTVNews.ca Writer
@jererodriguezzz Contact
TORONTO -- Hackers may have obtained the personal data of 15 million LifeLabs customers after a systems breach, and this includes addresses, passwords, birthdays, health card numbers and even lab results.
- Here's what to do if you think you're affected by the cyberattack
LifeLabs, one of the largest private providers of health diagnostic testing, said in an open letter to its customers that the firm had become aware of a recent hack to its computer systems which contained customer information, names and logins.
It didn’t specify exactly who had hacked the system but LifeLabs alerted the Ontario and B.C. privacy commissioners of the hack on Nov. 1. LifeLabs also said it paid ransom to secure the data.
LifeLabs’ letter also said the majority of these customers were in Ontario and British Columbia, with "relatively few customers" in other locations. LifeLabs President and CEO Charles Brown told CTV News approximately 10 million affected were in Ontario, with five million in B.C.
When it came to lab results, LifeLabs said the hack affected 85,000 of its Ontario customers from 2016 or earlier.
“Our investigation to date indicates any instance of health card information was from 2016 or earlier,” the letter added.
The firm discovered the cyberattack in late October and Brown has since personally apologized for the hack.
“I’d like to say to our customers that we’re sorry. We realize this may have shaken their confidence and we’ll do everything we can to win it back,” he told CTV News. “We know that health data is important and we do take that responsibility quite seriously.”
We recently identified a cyber-attack that involved unauthorized access to our computer systems. We are sorry that this incident happened. The data has been retrieved, and a law enforcement investigation is underway. For more info, visit https://t.co/gUYdHeR0Kh . — LifeLabs (@LifeLabs) December 17, 2019
As of Wednesday, two dedicated phone lines -- 1-800-431-7206 (British Columbia) and 1-877-849-3637 (Ontario) -- have been set up for people who want to inquire about further information. In a statement, the firm said there will be extended call centre hours. People can call weekdays between 8 a.m. and 11 p.m., and weekends between 8 a.m. and 8 p.m.
LIFELABS CAN'T GUARANTEE DATA WASN’T COPIED
In the letter, Brown said that the risk to customers from the data breach was low. He also said cybersecurity firms told them they hadn’t seen a public disclosure of the customer data online, including on the dark web or other online locations.
Following the advice of cybersecurity experts, he said they retrieved “the data by making a payment,” Brown said. He later explained his thinking behind that decision.
“Our desire was to try to get this data and keep it as secure as we could and not have it exposed,” he told CTV News.
But LifeLabs couldn’t guarantee that the hackers were unable to save a copy of the data. The firm has also been in touch with law enforcement, its government partners and notified privacy commissioners.
According to a joint statement from the Information and Privacy Commissioner for British Columbia and the Information and Privacy Commissioner of Ontario, LifeLabs had reported the hack to them on Nov. 1 and said that the hackers had been demanding a ransom.
Commissioners investigating LifeLabs cyberattack affecting health care information of millions. https://t.co/yCcmSeCrX4 @IPCinfoprivacy #privacy #data — OIPC BC (@BCInfoPrivacy) December 17, 2019
Cybersecurity expert Brian O’Higgins told CTV News Channel customers “may have dodged a bullet” since the hackers were likely more interested in obtaining money in exchange for people’s personal data rather than caring about the lab results.
But the fact the hackers have any personal information at all could lead to identity theft and “that could lead to a world of hurt.”
The privacy commissioners’ co-ordinated investigation will examine the extent of the breach, what led up to it and what – if anything -- could have been done to prevent it.
“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected. This should serve as a reminder to all institutions, large and small, to be vigilant,” Information and Privacy Commissioner of Ontario Brian Beamish said in the statement.
Information, and Privacy Commissioner for B.C. Michael McEvoy added, “our independent offices are committed to thoroughly investigating this breach. We will publicly report our findings and recommendations once our work is complete.”
LIFELABS HAS TO DO BETTER: FMR. PRIVACY OFFICIAL
Former Information and Privacy Commissioner of Ontario Ann Cavoukian told CTV News Channel the hack is “very damaging.”
Despite LifeLabs saying it paid the ransom, there are no guarantees the data won’t show up elsewhere. Cavoukian said it’s “virtually impossible to control in terms of getting it back and you don’t know where it might appear.”
She said once customers give up their personal data to third parties, they’re at their mercy. That’s why she chastised Lifelabs for not having strong enough security to prevent the data from being stolen.
“I say that data at rest (such as the health card numbers and addresses) should be strongly encrypted so it doesn’t serve as a magnet for the bad guys,” Cavoukian said. “You don’t want to be an easy target. And that’s what’s so appalling. LifeLabs should have had the strongest security measures in place already.”
She said the bulk “of responsibility of the protection of this data is with LifeLabs.” Going forward, LifeLabs CEO pledged the company will strengthen its system to deter future hacks.
LifeLabs said it is offering “any customer who is concerned about this incident” a free year of protection including dark web monitoring and identity theft insurance from American consumer credit reporting agency TransUnion.
But Cavoukian argued that it’s also on the consumer to contact LifeLabs directly to ask if their data has been compromised. She also predicted there could be class-action lawsuits following the breach.
GROWING CONCERN OVER CYBERATTACKS
The menace of cyberattacks is a growing concern among private citizens, companies and governments.
Last month , cybersecurity firm McAfee said that 33 per cent of Canadians have lost $500 or more in online scams this year. And it warned that that number is only expected to rise during the holiday shopping season.
In the past year alone, there’s also been a handful of actual or potential data breaches including at companies such as Desjardins , Disney Plus , Capital One , Freedom Mobile , DoorDash ; as well as government healthcare systems , and even at TransUnion Canada .
A recent survey of Canadian companies found that nearly 90 per cent said they had experienced a breach in the past year. O’Higgins, who’s spent the past 30 years in security technology development, said all firms are now facing a new reality.
“Corporations now routinely have cyber risk insurance and when there is an issue the insurer comes in and helps them pay,” he said.
With a file from CTVNews.ca producer Adam Ward
LifeLabs letter by CTV Vancouver on Scribd
LifeLabs signage is seen outside of one of the lab's Toronto locations, Tuesday, Dec. 17, 2019. (THE CANADIAN PRESS/Cole Burston)
Vials of blood for testing are shown at a LifeLabs facility in this file photo.
Related Stories
- LifeLabs cyberattack: What to do if you think you're affected
- More Canadian doctors embracing electronic medical records
- LifeLabs closing 15 patient labs, three testing facilities in bid to reduce costs
Related Links
- See the full statment from the Ontario and B.C. privacy commissioners
More Health Stories
New study shows financial impact of homelessness on our health-care system
P.E.I. proposes banning Islanders of a certain age from purchasing tobacco products in new health plan
'It could mean a cure': Cautious optimism for groundbreaking ALS research at Western
Certain vegetarian diets significantly reduce risk of cancer, heart disease and death, study says
Wildfires: Here's who's most at risk when the air quality drops
'Not a scarient': New COVID-19 subvariant dominant in Canada
B.C. mom whose son died from wildfire smoke trying to make this year safer
Alberta announces the 4 health agencies that will replace AHS later this year
If you've tried meditating but can't sit still, here's how - and why - to try again
Que. students accuse teacher of profiting off their artwork
Car thefts in Canada: Insurance companies face criticism
$50K reward offered in case of missing Barrie, Ont. woman
Ctvnews.ca top stories.
'Some structural damage' from wildfire near Fort Nelson, B.C., mayor confirms
'Very expensive lunch': Sask. driver says he got a cellphone ticket for using his points app in the drive-thru
B.C. YouTuber ordered to pay $350K for 'relentless' online defamation campaign
Chief says grave search at B.C. residential school brings things 'full circle'
'Endless Shrimp' just one misstep for Red Lobster as it eyes bankruptcy protection
B.C. man shot sex worker in the back during drug-fuelled birthday, court hears
Going to a long weekend BBQ? Here's what you can bring
Man punches Subway manager for not getting extra ham on sub
Montreal’s ‘Mon Lapin’ named Canada’s best restaurant
Sign up for The COVID-19 Brief newsletter
Health videos.
Wildfire weather: Here's the forecast for Western Canada
Saskatchewan nurses call code blue over ER overcrowding
Cancer rates declining but more prevention work needed
Here's why ultra-processed foods are linked to early deaths
Some Canadians dumped by family doctors after walk-in visits
Sask. to cover medical travel expenses for some patients
Data Breach
Lifelabs suffers a data breach revealing the health data of 15 million canadians, caleb townsend staff writer   united states cybersecurity magazine.
LifeLabs has revealed that 15 million Canadians may have had their data leaked after a being hit with a cyber-attack in October. LifeLabs is a diagnostics testing company, the largest healthcare laboratory test company in Canada. In a recent blog post , they revealed that most of the victim were in Ontario and British Columbia.
The data was accessed by an unauthorized party and LifeLabs paid a ransom to retrieve their stolen data. They paid for the data in collaboration with cybersecurity experts who reportedly helped guide them through the process.
The data that was stolen includes names, addresses, emails, patient login passwords, date of birth, and health-card numbers. Additionally, a confirmed 85,000 customers’ lab test results were stolen.
The stolen data was largely from 2016 and earlier.
LifeLabs also reports taking several measures to protect their data, and more pressing, their customer’s data, in the future. This includes:
- Collaborating with cybersecurity experts to help secure their systems, isolate the threats, mitigate the risk, and identify exactly how large the data breach was.
- Finding ways to help improve their overall cybersecurity posture and strengthen their system to help reduce the risk of attack.
- Engaging with the police, whom LifeLabs states is currently investigating the breach.
- Offering cybersecurity protection to any costumers affected, including identity theft protection, dark web monitoring, and fraud protection insurance. This monitoring and protection will be free for one year.
Despite the paid ransom, there are no solid reports as to whether or not the hackers released or sold any customer information.
LifeLabs states in their customer notice that, “While you are entitled to file a complaint with the privacy commissioners, we have already notified them of this breach and they are investigating the matter. We have also notified our government partners.”
They conclude by pointing out that they indeed took steps over the last few years to secure their systems, though this recent breach “serves as a reminder” that they, and by extension all businesses, need to stay ahead of cyber-attacks by taking proactive steps to strengthen their cybersecurity defenses.
Leave a Comment
Privacy overview.
Global News
Customers involved in LifeLabs data breach class-action lawsuit surprised by payout
Posted: May 14, 2024 | Last updated: May 15, 2024
People involved in a data leak by LifeLabs in 2019 are finally receiving compensation, but the amount is less than many expected. The company settled a class action lawsuit for more than 900,000 claims.
More for You
Red Lobster to close at least 48 restaurants after ‘endless shrimp’ debacle
Inexpensive Seagull electric car has US automakers, politicians trembling with fear
How close are we to nuclear war?
The 10 Best Strikers In The World
Deadly 'Zombie' virus continues spread
Groundbreaking research on concussions available free online through University of Calgary
I moved to Finland after reading it was the happiest place on earth. Here are 6 things that surprised me living and working here.
11 Best Vacuum Cleaners, Tested by Cleaning Experts
At CES, LG unveils ‘world’s first’ wireless transparent OLED TV
Trump Force One clipped another plane on runway after leaving New Jersey rally
How Much Range does a Tesla Model X have after 7 years?
20 facts you might not know about 'Moneyball'
Vancouver company unveils Team Canada’s beach volleyball Olympic uniform design
The 10 Best Countries for Expats, According to Expats
Slovakia's populist prime minister shot in assassination attempt, shocking Europe before elections
'It has been an honour of a lifetime': Toronto's top doctor announces her resignation
McDonald's unveils huge new triple burger and fan-favourites returning to menu
Good Riddance, Corey Perry. You Are Hockey's Tired Old Act
The Most Popular Book the Year You Were Born
Study aims to find best adrenaline dose for cardiac arrest patients
LifeLabs goes to court to block results of investigation into 2019 privacy breach
Social Sharing
Two of Canada's provincial privacy officers say that they're still unable to release a full report about last year's security breach at LifeLabs because the company has gone to court to stop the release of information obtained during the investigation into the breach.
A joint statement from the privacy commissioners for Ontario and British Columbia says the Toronto-based chain of medical labs has agreed to comply with their orders and recommendations.
They say LifeLabs has sought a court order preventing the public release of some of the report, claiming it contains information that's privileged or otherwise confidential.
But Ontario's Patricia Kosseim and B.C.'s Michael McEvoy say they believe it's vital to bring to light the underlying causes of a privacy breach involving information of up to 15 million customers.
The commissioners reported last month that LifeLabs had failed to put in place reasonable safeguards and it had broken Ontario and B.C.'s information protection laws.
LifeLabs said at the time that it had taken a number of steps to accelerate its cybersecurity strategy and practices to strengthen its information security system.
The company was not immediately available for comment about the commissioners' latest statement.
Corrections
- A previous version of this story incorrectly stated in the headline that LifeLabs was trying to block the investigation into their 2019 privacy breach. In fact, it is trying to block the release of information obtained during that investigation, which it fully co-operated with. Jul 30, 2020 11:28 AM ET
Related Stories
- Hacker demands ransom from B.C. libraries after data breach
- Prince Albert police arrest 29-year-old man in domestic homicide investigation
- Claimants in LifeLabs data-breach class action to get $7.86 each
- eVisitNB commits 'serious breaches' of Official Languages Act, commissioner finds
- Alberta investigations into uninspected meat spark food safety concerns
IMAGES
COMMENTS
Campus. Lessons Learned: LifeLabs Data Breach Case Study. This is the third blog post of our blog series on the topic of Lessons Learned. In our first article, we had a look at the BlackRock data breachand in our second article, we shed light on Earl Enterprises Data Breach. This blog post is intended to assist health care practices in ...
The incident was the second-largest healthcare data breach of 2019. While LifeLabs fixed the system issues that led to the breach, patients soon filed several lawsuits against the testing giant ...
LifeLabs — Canada's major provider of lab diagnostics and testing services — announced on Dec. 17 that hackers had potentially accessed computer systems with data from "approximately 15 ...
The LifeLabs data breach comes in the midst of general concern about the Canadian health care system's ability to protect patient data. 2019 saw the Ryuk malware devastate three hospitals in Ontario, the theft of an unencrypted hard drive full of patient data and unauthorized employee access of thousands of records in Alberta, and the ...
Applications are open online until April 6. (Cole Burston/The Canadian Press) Canadian residents whose personal data was compromised in a 2019 LifeLabs data breach can now apply for up to $150 in ...
In a letter to customers, LifeLabs president Charles Brown wrote that information related to about 15 million customers, mainly in B.C. and Ontario, may have been accessed during the breach.
The data breach of laboratory testing company LifeLabs affected around 15 million Canadians. (Cole Burston/The Canadian Press) LifeLabs failed to protect the personal health information of ...
A data breach at LifeLabs, potentially affecting up to 15 million Canadians, was revealed Tuesday. The company, which performs medical lab tests, apologized for the security breach in a statement ...
LifeLabs case, the data were extracted." Although LifeLabs said it "retrieved the data by making a payment", Frank says, "if the cybercriminals already have a copy, then retrieving it will not suddenly disallow the attackers from further using that data". Frank suggests that LifeLabs likely "fell victim to a ransomware attack,
Following the discovery of the breach, LifeLabs has taken several measures to protect customer information: We immediately engaged world-class cyber security experts to isolate and secure the systems, and determine the scope of the breach; We are taking steps to further strengthen our systems to deter future attacks;
LifeLabs announced the data breach in December 2019, but the company said it discovered the cyberattack in late October. ... Radical anti-government rhetoric appears in northern Ont. court case.
Canadians affected by the massive 2019 cyberattack on LifeLabs are finally getting their money following a class-action lawsuit. The 901,544 claimants across the country will receive $7.86. KPMG, acting on behalf of the plaintiffs, says the payout amount is low because so many people filed claims. The initial payout was expected to be up to $150.
According to LifeLabs, the hackers took information on over 15 million customers. The type of personal data stolen by the attackers included names, home addresses, email addresses, usernames ...
WATCH: Cyberattack compromises data of 15 million LifeLabs customers - Dec 17, 2019. Lab-test provider LifeLabs says the personal information — possibly including health card numbers — of an ...
2:14 Miniscule payout for LifeLabs class action lawsuit claimants B.C. LifeLabs customers who were part of the data breach class-action lawsuit will be receiving their settlement payments in the ...
LifeLabs worked with outside cybersecurity consultants to investigate the incident and restore the security of the data. According to the December 17, 2019 Backgrounder on the breach , it was revealed that there was a large-scale breach of systems containing information of an estimated 15 million people mostly in Ontario and British Columbia.
The data breach of Canadian laboratory testing company LifeLabs highlights the security and privacy challenges that come with the push for a medical system in which e-health plays a significant ...
The cyberattack follows a massive data breach at Desjardins Group this year that affected all 4.2 million of its customers, which resulted in the banking co-operative's chief executive officer ...
A Canadian company specializing in administering laboratory tests, LifeLabs, announced on Dec. 17 that it had been the victim of a data breach affecting up to 15 million customers. And yes, at ...
November 1, 2019 - LifeLabs data breach was discovered, affecting 15 million patients, the second-largest healthcare breach reported in 2019. Hackers infiltrated LifeLabs computer systems, risking patients' protected health information (PHI). Data that may have been exposed in the hack include health card information, patients' lab ...
The class action was launched against LifeLabs after a 2019 data breach allowed hackers to access the personal information of up to 15 million customers. An Ontario court approved a total Canada ...
TORONTO -- A proposed class action lawsuit has been filed against medical services company LifeLabs over a data breach that allowed hackers to access the personal information of up to 15 million customers. In an unproven statement of claim filed in Ontario Superior Court on Dec. 27, lawyers Peter Waldmann and Andrew Stein accuse LifeLabs of ...
Hackers may have obtained the personal data of 15 million LifeLabs customers after a systems breach, and this includes addresses, passwords, birthdays, health card numbers and even lab results.
The sign for a LifeLabs location in North Vancouver, B.C., pictured in October 2021. The company said most of its customers affected by the data breach were in British Columbia and Ontario ...
Canadian testing giant LifeLabs is facing a potentially class-action lawsuit after it reported a massive data breach impacting 15 million patients; officials paid cybercriminals to retrieve the data.
The data was accessed by an unauthorized party and LifeLabs paid a ransom to retrieve their stolen data. They paid for the data in collaboration with cybersecurity experts who reportedly helped guide them through the process. The data that was stolen includes names, addresses, emails, patient login passwords, date of birth, and health-card numbers.
People involved in a data leak by LifeLabs in 2019 are finally receiving compensation, but the amount is less than many expected. The company settled a class action lawsuit for more than 900,000 ...
A previous version of this story incorrectly stated in the headline that LifeLabs was trying to block the investigation into their 2019 privacy breach. In fact, it is trying to block the release ...
Claimants getting under $10 from LifeLabs lawsuit. Ontario residents say they are receiving less than $10 dollars from a settlement by LifeLabs for a data breach. May 15, 2024 1:50 p.m. PDT.