LifeLabs Canada looses lab data of 85K customers and waits 1 month to inform ppl

35 points by mschwanzer ↗ HN
Life Labs just sent me an email (Sunday 19th Jan. 2020 [0]) informing me that they became aware of unauthorized access to their computer systems. This was in the media a month ago [1]

The data that was accessed / copied / sold / we might never know, includes, as Life Labs email has it: Lab test results, your security question, phone number, health card number and everything else (address, phone email, etc).

This email says that I might not be one of the 85,000! lab test customers impacted. However, why would they wait a month to email their customers about it?

Based on the fact that LifeLabs paid ransom [1] should allow us to assume that they have been negligent about protecting our most sensitive data in the first place. No “proper” health company would need to pay ransom (they would have backups of their data)?!?!

How can the CEO of LifeLabs go on TV to tell a story of how they are a victim of cyber crime when they did not even bother to inform their own clients about the breach for a month? And this is very serious data, not just what ads you watch, it’s your blood work, it’s your health record, it’s data that was not online yet.

[0] https://customernotice.lifelabs.com/?source=pwr [1] https://www.theglobeandmail.com/business/article-lifelabs-pays-ransom-after-massive-data-breach-affecting-up-to-1/

2 comments

[ 3.1 ms ] story [ 15.1 ms ] thread
Did they pay the ransom to retrieve the data or just to prevent its release/sale?
Is this another breach or the one that happened last year?