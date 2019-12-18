LifeLabs Reveals Data Breach, Pays Ransom To Secure Personal Info Of 15M People

138 0
Dot Your Expert Comments
Facebook Twitter WhatsApp Google LinkedIn Email

The personal information of 15 million Canadians may have been exposed after a company that performs diagnostic, naturopathic, and genetic tests had its computer systems hacked.

LifeLabs announced the breach on its website, saying it discovered the hack through proactive surveillance.

The company says it paid a ransom in order to secure the data, including test results from 85,000 Ontarians. It says that the majority of affected customers are from B.C. and Ontario, and the breach was discovered at the end of October.

The compromised test results were from 2016 and earlier and LifeLabs says there is no evidence that results were accessed in other provinces aside from Ontario, it was reported.

EXPERTS COMMENTS
Brian Higgins, Security Specialist,  Comparitech.com
December 18, 2019
This is attack will have serious personal impact upon all of those involved.
This appears to be a successful extortion attack upon LifeLabs given that they have paid their criminal attackers to have the stolen data returned. Only after thorough investigation by the relevant authorities will this be confirmed and until then there remains the possibility that other cyber criminals may be in possession of the data. The compensatory offer of free DarkWeb monitoring and password advice are a nice touch but by far the most critical threat to LifeLabs customers is further exploitation by criminal organisations. The entire consumer community will understandably be worried that their personal, medical data has been breached and it is this concern that makes them vulnerable to further criminal attack. Under no circumstances whatsoever should any current or previous customers respond to any unsolicited communication from LifeLabs. Criminals will call or email purporting to be offering legitimate help but their sole aim is to play on people’s fear to make them give up their personal information. This could be logon credentials, passwords, payment information or any other data they can use to commit more crimes. Any contact whatsoever should be referred back to LifeLabs for confirmation and forwarded or reported to Law Enforcement immediately. This is attack will have serious personal impact upon all of those involved. It would be tragic if the consequences were compounded by victims sharing even more personal information.
Irfan Khimji, Country Manager ,  Tripwire
December 18, 2019
This latest one hits a little closer to home as it directly impacts the medical records of our families and loved ones.
There have been many breaches that have impacted many Canadians this past year. This latest one hits a little closer to home as it directly impacts the medical records of our families and loved ones. While some of the information compromised cannot be changed, there is some due diligence that consumers can take. If one’s login credentials used to access the LifeLabs portal are used on other sites, it is a good idea to change those passwords as well as consider using a password manager moving forward. Where possible, it is also a good idea to enable Multi-factor authentication.
Warren Poschman, Senior Solutions Architect,  comforte AG
December 18, 2019
LifeLabs must surely have an enormous treasure of sensitive data.
Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional targets but security often lags due to the focus on, in the case of healthcare, patient care over IT. LifeLabs must surely have an enormous treasure of sensitive data, so besides improving their perimeter defense, they should explore a data-centric security approach. That way, they could pro-actively protect their data against breaches instead of playing constant catch up in terms of addressing the many different root causes that can lead to cyber incidents.
Javvad Malik, Security Awareness Advocate,  KnowBe4
December 18, 2019
Customers should take advantage of any identity theft protection.
There are few details available at the moment, so it's difficult to say how the breach occurred. All that we know at the moment is that an unauthorised third party managed to gain access to a large dataset of customer information. It looks like the criminals were successfully able to extort money from LifeLabs, but paying criminals is no guarantee they won't re-sell the data, or use it to compromise users further. So customers should be wary of any emails they receive, particularly ones which may claim to be from LifeLabs. Additionally, customers should take advantage of any identity theft protection that is offered and keep an eye on their credit records.

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :


Join the Conversation

Join the Conversation

In this article