Cyber Incident Victim: LifeLabs Medical Laboratory Services
Date:
Dec 2019
Location:
Canada
Summary
A major Canadian medical laboratory company experienced a significant cyberattack resulting in the theft of sensitive customer data, including lab results for 85,000 Ontarians and personal information such as names, addresses, login credentials, birthdates, and health card numbers for up to 15 million individuals. The organization paid an undisclosed ransom to retrieve the compromised data and engaged cybersecurity experts who assessed the risk of public disclosure as low based on dark web monitoring and prior breach patterns. Affected customers were offered one year of identity theft insurance and dark web monitoring services, while provincial privacy commissioners launched investigations into the incident. The breach highlighted growing concerns about cyberattacks targeting healthcare entities and their responsibility to safeguard personal information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late 2019, LifeLabs Medical Laboratory Services disclosed a cyberattack that compromised sensitive data of up to 15 million customers, primarily in British Columbia and Ontario. Hackers accessed systems containing lab results for 85,000 Ontarians and personal information including names, addresses, email addresses, login credentials, passwords, dates of birth, and health card numbers. The company paid an undisclosed ransom to retrieve the stolen data, engaging cybersecurity experts to investigate the breach and assess risks. These experts determined the risk to customers was low, citing no evidence of public data disclosure during dark web monitoring and online surveillance. LifeLabs notified provincial privacy commissioners of the incident, prompting investigations into the breach. The company offered affected customers one year of complimentary identity theft insurance and dark web monitoring services as remediation. CEO Charles Brown confirmed LifeLabs carried cyberinsurance but declined to specify coverage details.
The breach occurred against a backdrop of increasing ransomware attacks across North America, where hackers typically infiltrate systems to extort payment for data return. LifeLabs, Canada’s largest laboratory testing provider performing 112 million annual tests across 382 collection centers, became dominant after acquiring B.C. Biomedical Laboratories and CML HealthCare in 2013. Owned by Ontario Municipal Employees Retirement System’s investment arm, the company faced operational pressures common to provincially funded health services. This incident marked a rare compromise of healthcare data compared to contemporaneous breaches like the Desjardins Group leak caused by a rogue employee. Ontario’s Privacy Commissioner emphasized institutional responsibility for data security amid rising cybercrime. While LifeLabs’ cybersecurity consultants cited low risks based on precedent cases where ransoms prevented data exposure, the breach’s technical specifics remained undisclosed. Globally, similar large-scale data thefts at Marriott and Equifax had not significantly impacted investor confidence in affected corporations.