Toronto (December 18, 2019) – A cyberattack hit LifeLabs and accessed its computer systems with customer information. Canada’s largest private provider of diagnostic testing for health care identified the attack at the end of October. To date, the company estimates that 15 million customers’ information has been disclosed including name, address, email, login, passwords, date of birth, health card number, and lab test results. Since LifeLabs paid a ransom, the stolen data had been retrieved from the cybercriminals. Thereafter, LifeLabs’ hired cybersecurity firms advised that the customers’ risk in connection with the cyberattack is low. Anyhow, LifeLabs is offering cybersecurity protection services to its customers.
Approximately 15 million customers’ personal information has been obtained by cybercriminals during a cyberattack on LifeLabs. Canada’s largest private provider of diagnostic testing for health care identified the attack at the end of October.
LifeLabs extorted with stolen personal information of customers
During the attack, the hackers accessed LifeLabs’ computer systems with customer information, which has been obtained by the cybercriminals. These data include customer name, address, email, login, passwords, date of birth, health card number, and lab test results.
The vast majority of the 15 million customers are in British Columbia and Ontario. Furthermore, LifeLabs indicates that about 85,000 customers’ information about lab test results from 2016 or earlier located in Ontario as well as health card information from 2016 or earlier have been compromised.
The company also confirms that they have paid a ransom to the cybercriminals in order to retrieve the stolen data. ‘We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals,’ stated president and CEO of LifeLabs, Charles Brown.
We recently identified a cyber-attack that involved unauthorized access to our computer systems. We are sorry that this incident happened. The data has been retrieved, and a law enforcement investigation is underway. For more info, visit https://t.co/gUYdHeR0Kh.— LifeLabs (@LifeLabs) December 17, 2019
Following the attack, LifeLabs informed the public about the cybersecurity incident in an open letter on December 17, signed by Brown, who affirmed: ‘Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.’
An issue of cybersecurity
LifeLabs ensures that multiple measures have been taken to protect their customers’ information by fixing the system issues related to the attack and strengthening their computer systems to deter future incidents. After the attack, LifeLabs hired cybersecurity firms to isolate and secure the affected systems and determine the scope of the breach. Moreover, they have informed law enforcement as well as the privacy commissioners fo British Columbia and Ontario, who are investigating the matter now.
‘While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors,’ added Brown in the open letter. The investigation of LifeLabs’ hired cybersecurity firms advised that no customer data have yet publicly disclosed on any location online, also not on the dark web. Consequently, the cybersecurity experts evaluated the risk to customers in connection with the cyberattack as low.
In the meantime, LifeLabs is offering cybersecurity packages for customers including dark web monitoring, cybersecurity protection for one year from TransUnion with credit monitoring and fraud insurance protection. Additionally, they have set up a call center dedicated to this incident that can be reached at 1-888-918-0467.