LifeLabs Identified Digital Attack that Possibly Exposed 15M Customers' Data

LifeLabs identified a digital attack that potentially exposed the personal information of approximately 15 million of its customers. In a letter to all of its customers, LifeLabs President and CEO Charles Brown explained that malicious actors gained unauthorized access to systems containing customers' data. That information included a customer's name, address, email, login, password, date of birth, health card number and lab test results. Brown didn't provide details about the origin of the attack or who was responsible for it in the notice. However, he did note that the Canadian laboratory testing company had engaged digital security experts to help isolate and secure the affected systems, determine the scope of the breach and make security improvements. He also said that LifeLabs had been able to retrieve the information potentially exposed by the attackers by paying a ransom "in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals." Overall, Brown said that the incident might have affected approximately 15 million customers' personal information and about 85,000 customers' lab results. He said that all of those customers will be receiving offers to enroll in complementary identity theft and fraud protection insurance offered by the company. Irfahn Khimji, country manger for Canada at Tripwire, feels that LifeLabs' customers should be taking additional steps to protect themselves in the meantime:

There have been many breaches that have impacted many Canadians this past year. This latest one hits a little closer to home as it directly impacts the medical records of our families and loved ones. While some of the information compromised cannot be changed, there is some due diligence that consumers can take. If one’s login credentials used to access the LifeLabs portal are used on other sites, it is a good idea to change those passwords as well as consider using a password manager moving forward. Where possible, it is also a good idea to enable multi-factor authentication.

They can also use these additional steps to further protect themselves against the threat of identity theft. Khimji went on to add that "the results of this investigation are highly anticipated. All organizations should use this as a wake up call that security is not just a check box for compliance." With that said, he stated his belief that organizations should take this opportunity to visit their own security controls to ensure they are adequately deployed. "A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are," Khimji explained. "Changes to those systems should also be monitored so that as soon as there is a change that takes the system out of a hardened state or a high severity vulnerability is introduced remediation steps can be taken." Learn how Tripwire's solutions can help strengthen your organization's security here.