LifeLabs suffers security breach

December 18, 2019

Charles BrownVANCOUVER – Millions of Canadians’ private information could be at risk after a cyberattack was conducted against the computer systems of LifeLabs, a laboratory testing company. The privacy commissioners’ offices in both B.C. and Ontario are co-ordinating an investigation into the attack, which has affected systems containing information belonging to about 15 million customers.

The information systems include names, addresses, emails, customer logins and passwords, health card numbers and lab tests.

LifeLabs confirmed to the OIPC that cyber criminals penetrated the company’s systems, took data and demanded a ransom. LifeLabs has also asked outside cybersecurity consultants to investigate and help with restoring security of the data.

“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected. This should serve as a reminder to all institutions, large and small, to be vigilant,” said Brian Beamish, information and privacy commissioner of Ontario in a news release.

“Cyberattacks are growing criminal phenomena and perpetrators are becoming increasingly sophisticated. Public institutions and healthcare organizations are ultimately responsible for ensuring that any personal information in their custody and control is secure and protected at all times.”

The president and CEO of LifeLabs, Charles Brown (pictured), issued a public letter that included the following information:

“We have fixed the system issues related to the criminal activity and worked around the clock to put in place additional safeguards to protect your information. In the interest of transparency and as required by privacy regulations, we are making this announcement to notify all customers.

“There is information relating to approximately 15 million customers on the computer systems that were potentially accessed in this breach. The vast majority of these customers are in B.C. and Ontario, with relatively few customers in other locations.

“In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health card information was from 2016 or earlier.”