Lifelabs buckles and pays ransom for its data

News

Canadian health diagnostics company conceded paying to cyber-criminals to retrieve customer data stolen in a recent cyber-attack

Canadian health diagnostics firm LifeLabs joins the list of healthcare entities that bucked before ransomware threat. The company conceded "retrieving the data by making a payment" to cyber-criminals to retrieve customer data stolen in a recent cyber-attack.

"We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals," said company president and CEO Charles Brown in an open letter, without disclosing the details of the amount or perpetrators.

The customer data accessed in the attack "could include name, address, email, login, passwords, date of birth, health card number and lab test results", said the letter.

The database accessed contained information on about 15 million of its customers, most of whom are from British Columbia and Ontario with a few in other provinces. The lab test results involved cover 85,000 from Ontario from 2016 and earlier.

"Our cyber-security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations," Brown said in the letter.

However, it will take a thorough investigation by the relevant authorities to confirm that other cyber-criminals have not had access to the data, noted Brian Higgins, security specialist at Comparitech.com.

"By far, the most critical threat to LifeLabs customers is further exploitation by criminal organisations. The entire consumer community will understandably be worried that their personal, medical data has been breached and it is this concern that makes them vulnerable to further criminal attack," he said. 

"This attack will have serious personal impact upon all of those involved. It would be tragic if the consequences were compounded by victims sharing even more personal information.

Under no circumstances whatsoever should any current or previous customers respond to any unsolicited communication from LifeLabs." he warned.

Data breaches in healthcare sector costs £5.2 million on average, almost double that of the global average of £3.2 million. Cyber-security experts say the figure is set to rise, SC Media UK reported in September.

The company’s claims to have worked with cyber-companies to look on the dark web for customer data does not guarantee privacy for their customers, noted Cybereason CSO Sam Curry.

"The data can be sold in many places on the dark web, as it isn't a single chat room with shady types in it, and it can be put to use elsewhere too, now or in the future," he said. 

With ransomware use declining and cyber-criminals looking for other ways to monetise stolen information, data ransomers have started resorting to expose data and name recent victim companies that chose to rebuild their operations instead of paying up, SC Media UK reported this week.

However, ransomware attacks still remain common because they’re profitable for the attackers, observed Gurucul CEO Saryu Nayyar.

"Ransomware is also one of the most basic cyber-attack vectors to defend against. It can be foiled by a couple of tactics that have long been in use – patches and backups. Ransomware usually relies on human error or unpatched vulnerabilities to succeed. When it does succeed, and the victim doesn’t have backups, the attacker’s extortion tactics often work," she said.

Overburdened IT departments would hardly have the time or the tools to get the security basics right, so every organisation should use two factor authentication to block brute force attacks, perform regular backups of valuable data, deploy patches and updates immediately to stop known threats, and provide each critical system with a unique and frequently updated password, she suggested. 

"From there, organisations should invest in modern cyber-security technology with machine learning algorithms that can identify anomalous behaviours in real-time, before an attacker can strike."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews