Medical company paid a hacker group to recover records of 15 million patients

A new cybersecurity incident has seriously impacted a major company. LifeLabs, Canada’s leading provider of clinical analysis services recently acknowledged that it suffered a cyberattack for which it had to pay a considerable amount to hackers to retrieve compromised information. This is perhaps the largest data breach in Canada’s history, so the cybersecurity community recommends conducting a thorough investigation to determine the exact causes and consequences.

The incident would have occurred last October, affecting millions of Canadian citizens, who are now suffering from the exposure of multiple personal details such as:

  • Full names
  • Addresses
  • Birth dates
  • Login details

The company’s IT team would have decided to pay a ransom to hackers to keep the data secure, for which the collaboration of cybersecurity experts was requested. On the company’s website there is a special section to resolve the doubts of users concerned about the status of their information.

Dominic Vogel, director of security firm Cyber SC, says that incidents of this magnitude often bring major changes in the security policies and protocols of companies: “This is a decisive moment, not only for the affected firm, but for the companies operating in Canada, we’ll have to wait to see if the company is up to the challenge ahead in the coming months,” he said.

An example of the complex scenario a company faces after suffering a data breach is the incident that occurred a few months ago at the Desjardins financial union. Although this was a massive data breach, the company’s incident handling proved decisive, cybersecurity experts say. After exposing information, Desjardins took the necessary steps to prevent the problem from spreading, as well as taking care of protecting the compromised information, preventing it from being used for malicious purposes, such as identity theft.

After initial calculations of the incident, it is estimated that around 15 million Canadian citizens could be affected, so this could be the largest data breach in the history of this country.

On the other hand, the information commissioners of Ontario and British Columbia, two of the provinces most affected, are already investigating the data gap, however, cybersecurity experts say that there is not yet enough information available to determine whether this has been the company’s fault, whether it is a failure of an external vendor or whether it is a sophisticated cyberattack.

If there’s one thing that’s for sure, it’s that the Canadian authorities will thoroughly investigate the incident to show their commitment to the security of citizens’ information. Subsequently, one of the possible scenarios, according to experts from the International Institute of Cyber Security (IICS) is for Canada to use LifeLabs as an example, as the growing number of cybersecurity incidents is of concern to the authorities and, so far, companies seem not to learn from the mistakes of the past.