Medical testing company LifeLabs failed to protect customer data, report finds


In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen.

After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation. The privacy commissioners of both British Columbia and Ontario finished writing a report about the incident in 2020 but LifeLabs managed to hold that up in court for four years. Now the report is publicly available and some of the findings are both shocking and unsurprising.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter


Related:

  • Three Quarters of UK Firms Reported Data Breaches or Infections in 2016

    March 17, 2017

    Security issues among British companies are extremely high, with 75% of firms admitting they have experienced a data breach in the last year. The data comes from a research ordered by Cyren, a cloud-based security company, and indicates that when it comes to businesses with 1000 or fewer employees, the figure rises to 85%. “There is a ...

  • Yahoo: 32 Million Accounts Accessed via Cookie Forging Attack

    March 2, 2017

    An unauthorized third party accessed the company’s proprietary code and learned how to forge cookies. Yahoo believes this is the same actor that caused the 2014 data breach. “The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016,” Yahoo discloses in ...

  • Yahoo offers new details on breaches to Senate committee

    February 28, 2017

    Since Yahoo disclosed two mega-breaches late last year, its executives have met almost daily with CEO Marissa Mayer for working sessions focused on improving the company’s cybersecurity posture. Employees have also received weekly security presentations from Yahoo CISO Bob Lord at the company’s all-hands meetings. The new working sessions and briefings are part of an ...

  • Boeing Notifies 36,000 Employees Following Breach

    February 27, 2017

    A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. News of the breach surfaced earlier this month after a letter (.PDF) from Boeing’s Deputy Chief Privacy Officer Marie Olson, to the Attorney General for the state of Washington Bob ...

  • How to Bury a Major Breach Notification

    February 21, 2017

    Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the ...

  • Why Cybersecurity Should Be The CFO’s Job

    January 31, 2017

    Cyber risk is a 21st century business reality and something that can’t be ignored. The sheer pervasiveness of these risks, matched with the evolution into far more complex attacks, means the C-Suite has to get serious about managing cybersecurity. I sat down with Steffan Tomlinson this month, CFO of Palo Alto Networks, who explains why ...