The personal information of 15 million Canadians may have been exposed after a company that performs diagnostic, naturopathic, and genetic tests had its computer systems hacked.
LifeLabs announced the breach on its website, saying it discovered the hack through “proactive surveillance.”
The open letter from company president and CEO Charles Brown says the “cyberattack involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results.”
The company adds that the majority of affected customers are from B.C. and Ontario.
Labs results of 85,000 customers in Ontario were compromised, the company said. Results are from tests performed in 2016 or earlier.
Brown says the company has taken several steps to address the situation including strengthening their computer system to deter future attacks, and working with police.
LifeLabs admits that it paid off the hackers to retrieve the stolen data, saying it did so “in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals.”
The Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC) are investigating.
“An attack of this scale is extremely troubling,” Brian Beamish, Information and Privacy Commissioner of Ontario, said in a release. “I know it will be very distressing to those who may have been affected. This should serve as a reminder to all institutions, large and small, to be vigilant.”
“Cyberattacks are growing criminal phenomena and perpetrators are becoming increasingly sophisticated. Public institutions and healthcare organizations are ultimately responsible for ensuring that any personal information in their custody and control is secure and protected at all times.”