Ransomware Attack on Large Canadian Medical Testing Company Potentially Impacts 15 Million Customers

LifeLabs in Toronto, one of Canada’s biggest medical testing and diagnostics firms, reported a serious data breach. Hackers potentially accessed the personal and health data of about 15 million people, the majority of whom reside in British Columbia and Ontario. Because of the number of individuals possibly impacted, this incident can be considered as one of the biggest healthcare ransomware attacks so far. The privacy commissioners in the two Canadian provinces said that this is an extremely troubling incident because of the enormity of the attack.

When the attackers accessed its systems, they downloaded ransomware and encrypted a substantial amount of client information. The investigators are still looking into the cyberattack, and so it is still uncertain what data was stolen. But it was confirmed that the attackers accessed the parts of the system containing the 2016 and earlier test data of about 85,000 Ontarians. There is no evidence that indicates access to current test data, or medical test data from clients in other places.

A few of those test data include very sensitive health data that attackers can potentially use for blackmail. The sensitive information includes names, dates of birth, email addresses, usernames, passwords, and health card numbers. At this point, it seems that the compromised data were not yet misused nor disclosed on the internet. According to the preliminary results of the investigation, the incident has a low risk to clients.

It is not clear if LifeLabs had data backups to retrieve the information, however, the company decided to pay the ransom demand. LifeLabs did not publicly disclose the amount of the ransom. LifeLabs chief executive officer Charles Brown said that they wanted the data back and thought that paying the ransom was the smart thing to do for the best interests of their customers.

Cybersecurity and computer forensics specialists are securing LifeLabs’ systems and finding out the full extent of the ransomware attack. More time may be necessary to know if the attackers stole any customer data.

It is believed that the attack began on or before November 1, 2019. However, the cyberattack became known to the public only on December 17, 2019. LifeLabs already notified the affected people and offered them 12 months of free credit monitoring and identity theft protection services.