Posted on December 18, 2019 at 1:10 PM
LifeLabs Turns to Hackers to Regain Access to Stolen Data of 15 Million Customers
Last month, there was a ransomware attack on LifeLabs OIPC and IPC offices. According to LifeLabs, hackers breached their network and stole valuable data containing customers’ personal information. The hackers later demanded a ransom before they could release the stolen data.
After advice from several cybersecurity services, the company has finally agreed to pay an undisclosed amount to the hackers to recover the customer data. The hackers stole 85,000 laboratory test results and the data of 15 million customers from the company’s database.
LifeLabs is a Canadian company that provides laboratory and testing services. The company revealed that hackers attacked its platform as personal information of the customers in British Columbia and Ontario was stolen. The hacked data include lab tests, health card numbers, usernames and passwords, emails, addresses, and names of the customers.
Companies have to improve on cybersecurity
Ontario’s Information and Privacy Commissioner, Brian Beamish, recently released a statement regarding the attack. According to him, the cyberattack of this nature is highly disturbing. He pointed out that the commission is very sorry for the attack on their space as those who are affected would be distressed.
He advised that institutions should see this as a reminder to beef up their security and be very vigilant towards their highly sensitive information. The numbers of cyberattacks are increasing in a high proportion because perpetrators are getting smarter by the day. According to him, all institutions should get smarter in how they protect their data.
He further said that no matter which industry you operate, as long as you have a network where customers’ information is stored, you are susceptible to these attacks. The right thing to do is to fight this cyber menace collectively. Since hackers are using sophisticated means to breach networks, companies need to braze up and improve their cybersecurity framework.
They should use their resources to deploy the best possible ways to protect their data. Brian further stated that the cost of protecting their data is far lesser than the cost the institution will bear when they are hacked.
Health organizations and public institutions should be responsible for any personal information kept in their custody. As a result, they should devise a more sophisticated means of protecting the personal information and data of their customers, he reiterated.
Ransom amount still unknown
LifeLabs has confirmed that it has given hackers responsible for the stolen data, an undisclosed ransom, to gain back access to the data. The company admitted today that it had to take this option after receiving advice from cyber attack experts who are familiar with issues of this nature. LifeLabs also said after a series of negotiations with the cybercriminals, it has to pay them off to retrieve the data. The ransom amount was not revealed, and the spokesman of the company wasn’t available to disclose the amount either.
LifeLab still focuses on service customers’ best interest
CEO and President of LifeLabs, Charles Brown, has also apologized on behalf of the company. He said the company and the entire staff is very sorry for the hacking incident. Charles further commented that he and his team are continually focused on serving the best interest of customers.
When customers keep their personal information in the custody of the institution, it’s the responsibility of the institution to protect that information properly.
According to him, LifeLabs takes the security and safety of its customers’ data very seriously. He, however, stressed that stakeholders had advised the institution that the risk for this cyberattack is not high. According to Charles, since the attack, the stolen data has not been disclosed publicly. Also, he said his team has been monitoring the dark web, and there is no incident or offer of such data on those forums.
LifeLabs equally stated that the company had taken the necessary measures to correct the errors in the affected systems as well as their networks. Also, the team has accepted to provide cybersecurity protection, particularly on fraud and identity theft to its affected customers.