Hackers may have obtained the personal data — including addresses, customer logins and passwords, birthdays, lab results and health care numbers — of nearly 15 million medical patients in a recent cyber-attack on LifeLabs' computer systems.
LifeLabs, a healthcare and laboratory testing company, notified the offices of the information and privacy commissioners in B.C. (OIPC) and Ontario (IPC) of the “potential cyber-attack” Nov. 1, according to a joint press release by the privacy officials.
The company then advised the offices that the cyber criminals had extracted patient data and demanded a ransom.
LifeLabs, which has has six locations in Richmond, including on No. 3 Road near Cook Road and Blundell Road near No. 2 Road, published an open letter on its website Tuesday in response to the cyber-attack.
In the letter, LifeLabs president and CEO Charles Brown said the company has taken several measures to protect customer information, including retaining “world-class cyber security experts” to identify the scope of the breach and secure the affected systems; retrieving the data by making a payment; and notifying the OIPC and IPC.
The company, which said it has fixed the system issues related to the attack, is also offering one year of free cyber security protection services to all customers, which include identity theft and fraud protection insurance.
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low,” said Brown in the letter, adding that the firms are monitoring the dark web and other online locations, and haven’t seen any disclosure of customer data.
LifeLabs is also working to notify the 85,000 patients in Ontario whose lab test results were accessed, and said that the majority of this data as well as health card information dated to 2016 or earlier.
The OIPC and IPC are conducting a joint investigation into the cyber-attack, and are working with other jurisdictions with affected customers.
“I am deeply concerned about this matter,” said Michael McEvoy, information and privacy commissioner for B.C.
“The breach of sensitive personal health information can be devastating to those who are affected.”
The commissioners will publicly report their findings once the investigation is completed, according to the privacy officials’ press release.
LifeLabs has set up a dedicated phone line at 1-888-918-0467 for customers concerned about or affected by the attack, or who wish to obtain the free cyber security protection services.