The OIPC said LifeLabs reported a potential cyberattack on Nov. 1 and soon after, confirmed that cyber criminals penetrated the company's systems, took data and demanded a ransom. LifeLabs said in a statement that it's making a payment in the hopes of retrieving the data, which is being done in collaboration with cyber-attack experts.
In a statement, LifeLabs president and CEO said he's "sorry that this happened."
"As we manage through this issue, my team and I remain focused on the best interests of our customers," Charles Brown said in a statement. "You entrust us with important health information, and we take that responsibility very seriously."LifeLabs says it will contact 85,000 customers who went to a lab in Ontario in 2016 or earlier because their lab test results may have been impacted.
A dedicated phone line (1-888-918-0467) has also been set up where people can inquire about further information and the company is offering 12 months of "protection that includes dark web monitoring and identity theft insurance" through TransUnion.To access that service, customers will need to call the dedicated phone line and ask for an activation code.
Moving forward, LifeLabs says it has asked outside cybersecurity consultants to investigate and help with restoring security of the data.
LifeLabs also says it's fixed the affected systems and that the majority of the information on the relevant computer belongs to B.C. and Ontario customers with "relatively few" customers impacted in other areas. "I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations," Brown's statement says.Meanwhile, the co-ordinated investigation between Ontario and B.C. privacy offices will take a look at the scope of the breach, what led to it and if LifeLabs could have prevented the situation altogether.
"I am deeply concerned about this matter," said Michael McEvoy, privacy commissioner for B.C., in a news release."The breach of sensitive personal health information can be devastating to those who are affected. Our independent offices are committed to thoroughly investigating this breach. We will publicly report our findings and recommendations once our work is complete."
With files from CTV News' Adam Ward
Have you been contacted by LifeLabs as a victim of the data breach? Tell us your story at [email protected]