LifeLabs pays ransom to get 15M patients' records back

LifeLabs releases a report about what type of customer data was put at risk after exposure

LifeLabs data breach included the users' names, surnames, emails, addresses, some healthcare-based information, etc.

LifeLabs^[1] is a healthcare-related company, located in Canada, that provides laboratory diagnoses. This organization has faced a data breach on November 1st, 2019 that affected around 15 million patients' records, 85,000 of which got their medical examination results revealed to hackers also.

According to the official report, the bad actors got hold of information such as the names and surnames, residence addresses, email addresses, usernames and passwords of the people's account, and the codes of health cards from 2016 and other past years before this date.^[2]

LifeLabs has sincerely apologized to all of their customers for this incident happening. The company claims that they take the users' private information very seriously and are the most focused on their customers' online safety:^[3]

Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.

The company claims to have paid the hacker to regain access to the lost data

LifeLabs claims that they have negotiated with the cybercriminals and agreed to pay the demanded ransom to gain access back to lost information. However, there are no accurate details about the amount of money transferred.

Continuously, the company claims that they have already fixed all the problems that were related to the data breach incident and added additional security to keep the customers' data even safer:

We have fixed the system issues related to the criminal activity and worked around the clock to put in place additional safeguards to protect your information. In the interest of transparency and as required by privacy regulations, we are making this announcement to notify all customers.

Also, the organization claims that the biggest number of affected people is located in Ontario and British Columbia.^[4] Gladly, LifeLabs stated that there is no evidence that the cybercriminals would have widely exposed the leaked private information. Despite the fact that this cybercrime affected millions of patients, none of them appear to be harmed.

In addition, LifeLabs has recently engaged in various security procedures involving law enforcement agencies and there is an ongoing investigation regarding the incident. Furthermore, the company offers all of its customers various protection services, including fraud protection insurance and safety from identity theft.

Things you can do on your own to secure personal information

Data breach incidents come to the surface very often nowadays as a big variety of hackers is targetting personal information constantly. Even though the crooks most often look for worldwide organizations so that they could gather a big number of details per one session and security is mostly the company's problem, there are some things that you can do to.

First, while you are creating a new user account when applying for any type of service, you should generate strong and reliable passwords. Add some symbols, letters, numbers, and mix them all together so the password will not be easily guessable. Continuously, enable two-factor or multi-factor authentication^[5] to strengthen your account's protection.