The LifeLabs ransomware attack exposed a data breach that affected 10 million people in Ontario, and 5 million in BC. Information including Patient names, addresses, birthdates, email addresses, customer logins and passwords, health card numbers and lab test results were possibly exposed by the breach.
LifeLabs paid an undisclosed ransom amount to prevent the data from being leaked out onto the dark web by cybercriminals. So far, it appears the breach has been contained because the information has not surfaced. So what’s happening now?
In a recent update LifeLabs President and CEO Charles Brown said, “we have enhanced and accelerated our Information Security Management program through an initial $50 million investment, backing our plan to achieve ISO 27001 certification- a gold standard in information security management that is achieved by only a small number of organizations. LifeLab continues to deploy cyber security firms to monitor the dark web and other online locations for information related to the cyber-attack.” In addition, LifeLabs has appointed a Chief Information Security Officer (CISO) as well as a Chief Information Officer (CIO) and a Chief Privacy Officer (CPO). The company also promised that all of its staff will undergo regular annual cyber security and privacy awareness training.
This digital dirty laundry involving payouts to criminals suggests that LifeLabs didn’t take their cyber security as seriously as they should have.
Brown now says that cyber security is a top priority for LifeLabs. “2019’s cyber-attack is a strong reminder that we must continuously work to protect ourselves against cybercrime. Data protection and privacy are now central to everything we do. In fact, through our partnership with experts, the healthcare sector, governments, and IT companies, LifeLabs is making a commitment to become a global leader in protecting healthcare data.”
People in Ontario and BC who use LifeLabs are asking why didn't LifeLabs address their security weaknesses beforehand? And what will the Government Privacy Office do about this?
LifeLabs is still committed to providing one full year of free cyber protection services including dark web monitoring and identity theft insurance. Patients and customers can still register for these services until the end of 2020 by calling 1-888-221-2082.
#Ransomware #LifeLabs #Privacy #DataBreach