A major data breach at LifeLabs, a prominent Canadian medical testing company, has exposed the sensitive information of millions of Canadians. In 2019, a ransomware attack compromised the lab results of 15 million individuals and the personally identifiable information (PII) of 8.6 million more. The exposed data included names, addresses, emails, logins, passwords, dates of birth, and health card numbers. The incident highlighted serious failures in LifeLabs' data protection measures and a significant delay in notifying affected individuals.
The delayed notification was a result of LifeLabs' failure to implement a process for notifying individuals about compromised health information without requiring formal access requests. A report, completed in 2020 but suppressed by LifeLabs in court for four years, revealed significant shortcomings in the company's cybersecurity practices. The report detailed LifeLabs' failure to take reasonable steps to protect the data in its custody, its non-compliance with relevant privacy acts, and its collection of more personal information than necessary.
LifeLabs ultimately paid a ransom to retrieve the stolen data, claiming that the risk to customers was low. However, the delayed public disclosure and the report's findings underscore the severity of the breach and LifeLabs' inadequate data security measures. The incident serves as a stark reminder of the vulnerability of sensitive personal and health data and the critical need for robust cybersecurity practices within the healthcare sector.