Personal health information compromised in LifeLabs hack


Published December 17, 2019 at 9:26 pm


LifeLabs, a well-known lab test provider, recently told its customers that it was the victim of a cyber-attack that involved unauthorized access to its computer systems. Customer information that’s potentially been compromised includes names, addresses, email addresses, logins, passwords, dates of birth, health card numbers, and lab test results.

LifeLabs says there is information relating to approximately 15 million customers on the computer systems that were potentially accessed in the breach. 

The vast majority of affected customers are in B.C. and Ontario, with relatively few customers in other locations. 

“In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health card information was from 2016 or earlier,” Charles Brown, president and CEO, LifeLabs, said in a statement, 

“Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.”

LifeLabs says it has taken other actions to secure info, including engaging with world-class cybersecurity experts to isolate and secure the affected systems and determine the scope of the breach, as well as strengthen its systems to deter future incidents.

It also says it retrieved the data by making a payment. 

“We did this in collaboration with experts familiar with cyber-attacks and negotiations with cybercriminals,” Brown said in a statement. 

LifeLabs also says it’s engaging with law enforcement and offering cybersecurity protection services to its customers, such as identity theft and fraud protection insurance.

“I want to emphasize that at this time, our cybersecurity firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” says Brown. 

“We have fixed the system issues related to the criminal activity and worked around the clock to put in place additional safeguards to protect your information.”

LifeLabs says any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance.

For more info, click here.

insauga's Editorial Standards and Policies advertising