14 DAY TRIAL // Canadian laboratory testing firm LifeLabs revealed that it paid hackers to return information stolen after a data breach and exposing some 15 million customers.
The breach took place in October and included sensitive patient information, such as names, addresses, logins and passwords, health card numbers, dates of birth.
Charles Brown, President and CEO, explains that most customers are based in B.C. and Ontario, “with relatively few customers in other locations.”
“While you are entitled to file a complaint with the privacy commissioners, we have already notified them of this breach and they are investigating the matter. We have also notified our government partners,” Brown stated.
Investigation under way
The CEO explains in a letter to customers that LifeLabs is already working with law enforcement on a thorough investigation, explaining that after negotiations with the hackers and based on recommendations from industry experts, the company decided to pay the ransom to retrieve the stolen data.
“Retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals,” Brown said when indicating the measures that the company took to deal with the cyberattack.
Additionally, customers will also be offered cyber security protection that includes identity theft and fraud protection insurance, just in case the data is exposed online. However, there’s no evidence of a public leak so far.
“I am deeply concerned about this matter. The breach of sensitive personal health information can be devastating to those who are affected,” says Michael McEvoy, Information, and Privacy Commissioner for BC. “Our independent offices are committed to thoroughly investigating this breach. We will publicly report our findings and recommendations once our work is complete.”
Affected customers will also be notified directly about the breach, the LifeLabs official promises.