View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 18, 2019

Canada’s Largest Lab Tests Firm Admits Paying Up After Ransomware Attack

"Through proactive surveillance, LifeLabs recently identified a cyber-attack..."

By CBR Staff Writer

LifeLabs, Canada’s largest provider of specialty laboratory testing services, has belatedly confessed to a ransomware attack in October that it admits compromised the data of up to 15 million people — nearly half of the country’s population.

The Toronto-based company, which describes itself as “Canada’s largest community lab” said it paid up to recover the data; an unusual public admission that runs the risk of exposing it to further attacks from cybercriminals intent on milking it further.

CEO Charles Brown has been widely ridiculed in the information security community for a clumsy and otherwise information-poor response to the incident, written after news of the incident leaked to the press. Ontario and British Columbia’s Privacy Commissioners said that they are undertaking a “coordinated investigation”.

The attack had been reported to the two watchdogs on November 1, 2019, they wrote, saying LifeLabs had “confirmed they were the subject of an attack affecting the personal information of millions of customers… They told us that the affected systems contain information of approximately 15 million LifeLab customers, including name, address, email, customer logins and passwords, health card numbers, and lab tests.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“LifeLabs advised our offices that cyber criminals penetrated the company’s systems, extracting data and demanding a ransom. LifeLabs retained outside cybersecurity consultants to investigate and assist with restoring the security of the data.”

LifeLabs’ CEO said the ransomware incident had been discovered through “proactive surveillance”; an unusual choice of words for an attack that typically locks files and demands a ransom in a highly visible manner across the desktops of those affected.
“We have taken several measures to protect our customer information,” he added, including “retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals.”

The company has yet to answer questions on whether the highly personal data was encrypted at rest, amid a growing public outcry as the news spread on Wednesday.

“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected” said Brian Beamish, Ontarios Information and Privacy Commissioner, adding: “Perpetrators are becoming increasingly sophisticated.”

The attack on LifeLabs follows a June attack on fellow lab diagnostics provider Eurofins Scientific, a Luxembourg-based company that provides blood and DNA tests for the Metropolitan Police, among other customers. Eurofins employs over 45,000 staff in more than 800 laboratories across 47 countries. It conducts over 150 million tests.

That incident resulted in severe delays to ongoing prosecutions.

The surge in ransomware incidents comes as Sophos warned that a new strain of ransomware dubbed “Snatch” is bypassing Windows defender by immediately booting the computers it infects in “safe mode”, where security programmes don’t run.

“The severity of the risk posed by ransomware which runs in Safe Mode cannot be overstated”, Sophos said in a report that detailed a specific intrusion in detail.

Read this: New Ransomware Mutation Raises Alarm over Defensive Techniques

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.