LifeLabs, Canada’s largest provider of specialty laboratory testing services, has belatedly confessed to a ransomware attack in October that it admits compromised the data of up to 15 million people — nearly half of the country’s population.
The Toronto-based company, which describes itself as “Canada’s largest community lab”, said it paid up to recover the data, an unusual public admission that runs the risk of exposing it to further attacks from cybercriminals intent on milking it.
CEO Charles Brown has been widely ridiculed in the information security community for a clumsy and information-poor response to the incident, written after news of it leaked to the press. Ontario and British Columbia’s Privacy Commissioners said that they are undertaking a “coordinated investigation”.
Magnitude of this personal & health #privacy breach impacting 15 million Cdn patients is surreal—80% of #Ontario and #BritishColumbia’s population affected. Unknown ransom paid by #LifeLabs. Public notified mths later only via media. ON and BC Privacy Commissioners investigating. https://t.co/FtVPDMKpZO
— Kulvinder Kaur MD (@dockaurG) December 17, 2019
The attack had been reported to the two watchdogs on November 1, 2019, they wrote, saying LifeLabs had “confirmed they were the subject of an attack affecting the personal information of millions of customers… They told us that the affected systems contain information of approximately 15 million LifeLab customers, including name, address, email, customer logins and passwords, health card numbers, and lab tests.”
“LifeLabs advised our offices that cyber criminals penetrated the company’s systems, extracting data and demanding a ransom. LifeLabs retained outside cybersecurity consultants to investigate and assist with restoring the security of the data.”
LifeLabs’ CEO said the ransomware incident had been discovered through “proactive surveillance”, an unusual choice of words for an attack that typically locks files and demands a ransom in a highly visible manner across the desktops of those affected.
“We have taken several measures to protect our customer information,” he added, including “retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals.”
The company has yet to answer questions on whether the highly personal data was encrypted at rest, amid a growing public outcry as the news spread on Wednesday.
“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected”, said Brian Beamish, Ontario’s Information and Privacy Commissioner, adding: “Perpetrators are becoming increasingly sophisticated.”
The attack on LifeLabs follows a June attack on fellow lab diagnostics provider Eurofins Scientific, a Luxembourg-based company that provides blood and DNA tests for the Metropolitan Police, among other customers. Eurofins employs over 45,000 staff in more than 800 laboratories across 47 countries. It conducts over 150 million tests.
That incident resulted in severe delays to ongoing prosecutions.
The surge in ransomware incidents comes as Sophos warned that a new strain of ransomware dubbed “Snatch” is bypassing Windows Defender by immediately booting the computers it infects in Safe Mode, where security programmes don’t run.
“The severity of the risk posed by ransomware which runs in Safe Mode cannot be overstated”, Sophos said in a report that described a specific intrusion in detail.