LifeLabs paid ransom to secure personal info of 15 million people after hack

Company outlined steps it took in letter to its customers
Medical lab assistant Carrie Repay tests samples at LifeLabs Medical Laboratory Services' Thunder Bay facility. (Supplied)

LifeLabs says the personal information of some 15 million Canadians, mainly in Ontario and B.C., is safe after the company paid a ransom following a cyberattack this week.

The company is Canada's largest provider of general diagnostic and specialty laboratory testing services. There are five LifeLabs locations in Greater Sudbury alone.

On Tuesday, the company said it paid a ransom to retrieve the personal information of millions of customers. The systems accessed in the breach contained the information of approximately 15 million Canadians, and that information was potentially accessed in the hack.

That customer information could include names, addresses, emails, login information, passwords, dates of birth, health card numbers and lab test results.

According to published reports, the breach happened at the end of October, but the public wasn't notified for some five weeks for fear of further attacks.

In a letter to customers, LifeLabs president and CEO Charles Brown apologized and said the risk to customers from the hack is low. The letter doesn't say who is behind the attack or where it originated.

"I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations," Brown wrote.

He confirmed LifeLabs retrieved the data by making a payment "in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals."

Brown said provincial privacy commissioners have been notified of the breach, but said customers are "entitled to file a complaint" with the privacy commission in their respective provinces, should they wish to do so.

As well, Brown said "system issues" related to the crime have been fixed and LifeLabs is working "around the clock to put in place additional safeguards to protect your information."

"The vast majority of these customers are in B.C. and Ontario, with relatively few customers in other locations," Brown writes in the letter. "In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health card information was from 2016 or earlier."

Besides making the payment, Brown writes in the letter that LifeLabs has taken several steps to further protect sensitive customer information, including:

  • Immediately engaging with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the breach;
  • Further strengthening our systems to deter future incidents;
  • Engaging with law enforcement, who are currently investigating the matter; and
  • Offering cyber security protection services to our customers, such as identity theft and fraud protection insurance.
