LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadian customers.
The company announced the breach in a press release posted on its website, revealing that an unknown attacker gained unauthorised access to its computer systems last month and stole customers’ information, including their:
- Email addresses
- Login information
- Passwords, for their LifeLabs account
- Dates of birth
- Health card numbers
- Lab test results
The Toronto-based company discovered the data breach at the end of October, but the press release does not say anything about the identity of the attacker(s) or how they managed to infiltrate its systems.
However, LifeLabs admitted it paid an undisclosed amount of ransom to the hackers to retrieve the stolen data, which indicates that the attack might have been carried out using ransomware-style malware with data exfiltration capabilities.
“Retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cybercriminals,” the company said while announcing several measures it took to protect its customers’ information.
LifeLabs also said the majority of affected customers, who used its labs for diagnostic, naturopathic, and genetic tests, reside in British Columbia and Ontario, with relatively few customers in other locations.
“In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly,” the press release read.
“Our investigation to date indicates any instance of health care information was from 2016 or earlier.”
LifeLabs said it immediately involved “world-class cybersecurity experts” to isolate and secure the affected computer systems and determine the scope of the cyber attack.