Lab test results stolen in hack of 15 million patients' records
An open letter from a medical testing company is never a good thing.
A Canadian company specializing in administering laboratory tests, LifeLabs, announced on Dec. 17 that it had been the victim of a data breach affecting up to 15 million customers. And yes, at least some of those patients' test results were reportedly accessed by the unnamed culprits.
While a lot of questions still remain, what details we do have aren't exactly reassuring. For example, LifeLabs claims it discovered the breach in October, but says it's only notifying patients now in mid-December — after hiring outside security experts — because it wanted to make sure it understood the scope of the mess.
That it took over a month to determine that scope perhaps speaks to what a mess it is.
According to the company's announcement, hackers could have accessed customers' names, addresses, emails, login credentials, passwords, birthdays, health card numbers, and lab test results.
Although, it should be noted, LifeLabs insists that only 85,000 customers may have had their test results accessed. Oh, phew.
This Tweet is currently unavailable. It might be loading or has been removed.
Interestingly, LifeLabs claims that, following the hack, one of the measures it took to protect its customers was "Retrieving the data by making a payment."
It's not clear how LifeLabs could have ensured that any stolen data, once retrieved, was truly deleted. Although, to be fair, such a move wouldn't be unprecedented.
Another possibility, one that went unmentioned in the breach announcement, is that LifeLabs was the victim of ransomware. For the blissfully unaware, ransomware is a type of malicious software that encrypts a victim's data. Once encrypted, the very hackers that infected the victim's system promise to decrypt it — for a price. This would, at the very least, explain that rather odd "payment."
LifeLabs is offering customers "Dark Web Monitoring," "Identity theft insurance," and "TransUnion credit monitoring alerts," though we imagine that won't placate those affected.
"While we’ve been taking steps over the last several years to strengthen our cyber defenses," wrote LifeLabs president and CEO Charles Brown, "this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors."
Indeed.
Topics Cybersecurity
