LifeLabs targeted in cyber-attack, with files of up to 15-million patients at risk

The company, which has four labs in Kamloops, paid a ransom to the cyber-attackers

Personal information of up to 15-million LifeLabs patients, primarily in B.C. and Ontario, may have been accessed during a cyberattack on the company’s computer systems.

LifeLabs has four clinics in Kamloops — two downtown, one in Aberdeen and one in North Kamloops.

According to a statement from the company, released on Tuesday, Dec. 17, hackers gained access to the computer system that held customer information that could include names, addresses, email addresses, login user names and passwords, dates of birth, health card numbers and lab test results.

The access was accompanied by a ransom demand, which LifeLabs paid.

LifeLabs said it retained outside cybersecurity consultants to investigate and assist with restoring the security of its data. The company also reported the cyberattacks to the Ontario and B.C. information and privacy commissioners on Nov. 1.

Tuesday’s statement included an open letter to patients from LifeLabs president and CEO Charles Brown, who said “our cyber security firms have advised that the risk to our patients in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations.”

Brown said LifeLabs took several measures to protect patient information following the cyberattack, including:

• immediately hiring “world-class cyber security experts” to isolate and secure the affected systems and determine the scope of the attack;

• further strengthening the company’s systems to deter future incidents;

• retrieving the data by making a payment, doing so in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals;

• engaging with law enforcement, who are investigating the matter;

• offering cyber-security protection services to LifeLabs patients, such as identity theft and fraud protection insurance.

“There is information relating to approximately 15-million customers on the computer systems that were potentially accessed in this breach,” Brown said in his open letter.

“The vast majority of these customers are in B.C. and Ontario, with relatively few customers in other locations. In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health-card information was from 2016 or earlier.”

B.C. Information and Privacy Commissioner Michael McEvoy said he is “deeply concerned” about the cyber-attack and access to personal information of LifeLabs patients.

“The breach of sensitive personal health information can be devastating to those who are affected,” he said. “Our independent offices are committed to thoroughly investigating this breach.”

LifeLabs has set up a dedicated phone line and information on its website for those affected by the breach. To find out more, the public should go online to customernotice.lifelabs.com or contact LifeLabs at 1-888-918-0467.

In January 2013, patient information for 16,100 Kamloops-area residents was on a computer hard drive that went missing as it was being transferred by LifeLabs to Burnaby from Kamloops.