LifeLabs paid ransom to retrieve personal & healthcare data of 15m patients

Canadian diagnostics major LifeLabs recently announced that it paid ransom to cyber criminals to retrieve vast amounts of personal and healthcare information of up to 15 million Canadians that were stolen by the hackers after breaching the company's systems in November.

LifeLabs is Canada's largest provider of general diagnostic and specialty laboratory testing services, carrying out over 112 million laboratory tests every year through 16 laboratories and four core divisions manned by 5,700 trained professionals.

The diagnostics services provider is considered to be among the top companies in the global clinical laboratory test market along with Quest Diagnostics, AURORA Diagnostics, Laboratory Corporation of America, and Sonic Healthcare. As such, it is no surprise that the company has been targeted by hackers in search of a large amount of money as ransom.

In a press release published on Tuesday, Lifelabs announced that it was a victim of a cyber security incident in November that involved hackers breaching its systems and stealing personal and healthcare information of approximately 15 million customers, the vast majority of whom were based in Ontario and British Columbia.

Customer data stolen by hackers after breaching LifeLabs's systems included names, addresses, email addresses, usernames, passwords, dates of birth, health card numbers, and laboratory test results. Hackers also stole laboratory test results of 85,000 Ontario residents who got their tests done prior to 2016.

LifeLabs paid a ransom to retrieve all stolen data

Charles Brown, president and CEO of LifeLabs, said that as soon as the company identified the breach of its systems, it immediately engaged world-class cyber security experts to isolate and secure the affected systems and determine the scope of the attack. The company also informed law enforcement authorities, retrieved all stolen data by making a payment to hackers, and is now offering identity theft and fraud protection insurance to affected customers.

"We have fixed the system issues related to the criminal activity and worked around the clock to put in place additional safeguards to protect your information. In the interest of transparency and as required by privacy regulations, we are making this announcement to notify all customers.

"There is information relating to approximately 15 million customers on the computer systems that were potentially accessed in this breach. The vast majority of these customers are in B.C. and Ontario, with relatively few customers in other locations.

"In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health card information was from 2016 or earlier," Mr Brown added.

In a separate press release, the Office of the Information and Privacy Commissioner of Ontario (IPC) said that it is launching a coordinated investigation with the Privacy Commissioner for British Columbia (OIPC) into the cyber attack that resulted in the breach of LifeLab's computer systems and the loss of vast amounts of customer data.

"The coordinated IPC/OIPC investigation will, among other things, examine the scope of the breach, the circumstances leading to it, and what, if any, measures Lifelabs could have taken to prevent and contain the breach. We will also investigate ways LifeLabs can help ensure the future security of personal information and avoid further attacks," it said.

LifeLabs is yet to reveal how much ransom was paid to the hackers, whether the company has been able to establish the identities of the hackers, or whether the company was able to recover all the information that had been accessed and stolen by hackers in November.

Hackers may target millions of Lifelabs customers with phishing attacks

"LifeLabs must surely have an enormous treasure of sensitive data, so besides improving their perimeter defense, they should explore a data-centric security approach. That way, they could pro-actively protect their data against breaches instead of playing constant catch up in terms of addressing the many different root causes that can lead to cyber incidents.

"Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional targets but security often lags due to the focus on, in the case of healthcare, patient care over IT," said Warren Poschman, senior solutions architect at comforte AG.

In an advise to affected customers of LifeLabs, Brian Higgins, security specialist at Comparitech.com, says that affected customers should not entertain or respond to any unsolicited communication from LifeLabs as hackers may use their personal information such as health card numbers and LifeLabs login credentials to carry out phishing attacks.

"Criminals will call or email purporting to be offering legitimate help but their sole aim is to play on people’s fear to make them give up their personal information. This could be logon credentials, passwords, payment information or any other data they can use to commit more crimes.

"Any contact whatsoever should be referred back to LifeLabs for confirmation and forwarded or reported to Law Enforcement immediately. This is attack will have serious personal impact upon all of those involved. It would be tragic if the consequences were compounded by victims sharing even more personal information," he added.

ALSO READ: AMCA files for bankruptcy following massive breach that impacted 20m patients

Copyright Lyonsdown Limited 2020