Medical laboratory pays ransom after 15 million patients steal data

[ad_1]

LifeLabs, one of Canada's largest groups of medical laboratories, was the victim of a cyber attack in early November. The company announced it in a letter published on its site on December 17, 2019. "I apologize that this happened", can we read in the document signed by Charles Brown, director of LifeLabs.

Data from half of the Canadian population

This incident concerns "data from 15 million patients"in Ontario and British Columbia, which represents about one in two Canadians. Beyond the number, it is the nature of the stolen information that is worrying: name, address, e-mail, password, date of birth, social security number and results of medical analyzes carried out before and in 2016. The risk would be "low"because the Canadian company's cybersecurity teams have not noticed"no public disclosure as part of their investigations".

The company was probably the victim of a ransomware because Charles Brown said that he had agreed to pay a ransom … without indicating the amount. "We did it in collaboration with experts familiar with cyber attacks and negotiations with cyber criminals", can be read in the letter. LifeLabs has also indicated its desire to strengthen its capacities to avoid a recurrence. It also offers these customers"one year of free protection that includes dark web monitoring and identity theft insurance".

An increase in cyberattacks in the health field

An investigation has been opened and is being coordinated by the privacy commissions of two affected provinces. They will need to determine the extent and the circumstances that led to the breach.

Cyber ​​attacks on health organizations are exploding. The reason is simple: health data has a significant monetary value and therefore easily resold by hackers. On December 16, 2019, we learned that the American group Hackensack Meridian Health – owner of several hospitals – paid a large ransom to free itself from the clutches of a ransomware. In France, the Rouen University Hospital Center suffered the thunderbolts of a cyber attack in November 2019.

[ad_2]