LifeLabs says it paid ransom to secure millions of customers’ stolen medical data

This has been widely reported. The speculation is mostly about what the attack method was, how much was paid out, and is it covered by insurance. I’ll publish answers when I have them…:

VANCOUVER — Medical test provider LifeLabs says it paid a ransom to retrieve stolen data, after the personal information of 15 million customers was breached in a cyberattack on the company’s computer systems.

The medical testing company said in a statement on Tuesday that cyber criminals may have accessed the personal information of over 15 million customers, mostly in B.C. and Ontario, including “name, address, email, login, passwords, date of birth, health card number and lab test results” in late October.

The data breaches involving medical test results affected 85,000 customers from 2016 or earlier located in Ontario. LifeLabs said they will be notifying these individuals directly.

LifeLabs is Canada’s largest provider of diagnostic testing services, such as blood tests, genetic tests, heart monitoring and more.

“I’m sorry this happened and we’ll do everything we can to win back the confidence of our customers,” LifeLabs chief executive Charles Brown told The Canadian Press.

He called the incursion a sophisticated attack that is a wake-up call for the industry.

“Whether you’re a private company, a government, a hospital, we’re all seeing these attacks rise and there’s more and more of them and we’ve collectively got to do more to make sure all our customers feel secure.”

The Toronto-based company declined to say how much money was paid to secure the data, but that it was done “in collaboration with experts familiar with cyberattacks and negotiations with cyber criminals.”

Original article here