Victoria – One doesn’t usually think twice about security when you have to go to a lab to give blood, urine or stool samples. You just want to get it over with.
However, this breach is concerning.
The Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC) are undertaking a co-ordinated investigation into a cyberattack on the computer systems of Canadian laboratory testing company LifeLabs.
LifeLabs is Canada’s largest provider of general diagnostic and specialty laboratory testing services. The company has four core divisions: LifeLabs, LifeLabs Genetics, Rocky Mountain Analytical, and Excelleris.
Lifelabs have branches within the Fraser Valley.
On November 1, LifeLabs reported a potential cyberattack on their computer systems to the IPC and the OIPC. Shortly thereafter, they confirmed they were the subject of an attack affecting the personal information of millions of customers, primarily in Ontario and British Columbia. The affected systems contain information of approximately 15 million LifeLab customers, including name, address, email, customer logins and passwords, health card numbers and lab tests. LifeLabs advised the Privacy Commission that cyber criminals penetrated the company’s systems, extracting data and demanding a ransom. Lifelabs retained outside cybersecurity consultants to investigate and assist with restoring the security of the data.
Lifelabs officials admit that they payed an undisclosed ransom to the hackers to re-access the information.
LifeLabs has set up a dedicated phone line and information on their website for individuals affected by the breach. To find out more, the public should visit customernotice.lifelabs.com (http://www.customernotice.lifelabs.com/) or contact LifeLabs at 1 888 918-0467.
The co-ordinated IPC/OIPC investigation will, among other things, examine the scope of the breach, the circumstances leading to it and what, if any, measures Lifelabs could have taken to prevent and contain the breach. We will also investigate ways LifeLabs can help ensure the future security of personal information and avoid further attacks.
Michael McEvoy, information and privacy commissioner for B.C. said, “I am deeply concerned about this matter. The breach of sensitive personal health information can be devastating to those who are affected. Our independent offices are committed to thoroughly investigating this breach. We will publicly report our findings and recommendations once our work is complete.”
The IPC and OIPC are reaching out to the information and privacy commissioners of other jurisdictions with affected customers.
