LifeLabs, one of the largest medical testing and diagnostics firms in Canada, has been attacked with ransomware. The attack is believed to have occurred on or before November 1, 2019, although the cyberattack has only recently been announced.
After careful consideration, the decision was taken to pay the ransom to recover customer data. The payment was made through a company that specializes in dealing with ransomware attacks. The ransom amount was not publicly disclosed. It is not clear whether LifeLabs had the option of recovering data from backups.
Exact details of the attack, such as the ransomware variant involved or how it was installed on LifeLabs’ systems, have not been disclosed. What is known is that the attackers gained access to parts of its systems that contained the personal and health data of up to 15 million customers.
The medical test results of at least 85,000 of those customers were potentially stolen. Those customers were all based in Ontario and the test results were from 2016 or earlier. Test results of customers in other provinces are not believed to have been compromised. Early reports that the 85,000 test results were exfiltrated from its systems have not been independently verified.
According to a statement released by LifeLabs, most of the data included names, email addresses, home addresses, dates of birth, health card numbers, and logins and passwords. Systems have been secured and data has been restored, although the investigation into the breach is continuing. Steps have also been taken to improve security.
The incident was reported to law enforcement and an investigation has been launched. Privacy commissioners were informed of the breach on November 1, 2019, and affected individuals are now being notified. Complimentary credit monitoring and identity theft protection services have been offered.
Based on the findings of the investigation, the risk to affected customers is believed to be low. Cybersecurity experts have confirmed that customer data has not been uploaded to dark web marketplaces or other online locations and no reports of misuse of customer data have been received.
The number of ransomware attacks on healthcare organizations has soared in recent months and several attacks have been reported in the past two weeks alone. In addition to targeting healthcare providers directly, managed service providers serving the healthcare industry are also being targeted. One attack on an MSP serving dental practices resulted in ransomware being installed on the systems of more than 100 dental offices. Another MSP attack impacted more than 110 nursing homes.