After a cyber attack, Canadian medical lab LifeLabs paid a ransom to recover the stolen data of 15M+ customers, which included login info and test results. ( Catalin Cimpanu / ZDNet)

ThomasApril 18, 2023

0 176 3 minutes read

After a cyber attack, Canadian medical lab LifeLabs paid a ransom to recover the stolen data of 15M+ customers, which included login info and test results. ( Catalin Cimpanu / ZDNet)

As Canada’s largest cyber attack, LifeLabs is one of the largest and most trusted providers of healthcare services across the country. They maintain a network of labs across Canada and provide testing services to doctors in each province. But on the night of April 10, 2018, hackers broke into the company’s network and stole sensitive patient information, including Social Insurance Number (SIN) numbers, billing information, and test results. By the end of the first week, after the breach was discovered, LifeLabs knew they were dealing with a hack that had caused $1.5 billion in losses. To contain the damage and prevent further loss of patient data, LifeLabs paid a ransom of CAD 50,000, which they claimed was enough to decrypt the data. However, the hackers only returned the data if the company paid them an additional CAD 1,000,000.

What is a Canadian medical lab LifeLabs?

LifeLabs, a startup in Toronto, aims to provide fast, accurate tests to diagnose infections that could kill. LifeLabs is a Canadian lab that provides testing for all areas of the body. They offer tests for cholesterol levels, blood sugar, and thyroid, among other things. They also provide urine analysis for drug screening. All of their services are free for those eligible for the program. But its business model could be more typical. Unlike many lab tests requiring a doctor’s prescription, LifeLabs allows customers to purchase lab tests and perform them themselves at home using their own samples. Customers can receive their test results within one day of performing the test. Or they can wait three days and receive them as text messages or emails.

After a cyber attack, why did Canadian medical lab LifeLabs pay a ransom to recover the stolen data of 15M+ customers?

The story about LifeLabs is one of many to come out of the ransomware attack last week, where criminals used malware to lock up data on PCs in Canadian hospitals and other healthcare organizations. LifeLabs is a Canadian healthcare services provider running medical laboratories for hospitals and doctors. LifeLabs was hit with ransomware on June 28 after hackers demanded $50,000 in Bitcoin, but they paid up to prevent further disruption. They paid more than twice that amount and were able to quickly restore all of their systems and all of the sensitive data contained within.

How did LifeLabs Recover from the Ransomware Attack?

When LifeLabs’ website was hit by the WannaCry ransomware attack, it was down for three days. But instead of panicking, the company took action. CEO John Hering called his team together and discussed the situation. They came up with a plan that focused on the positive. Instead of waiting for a fix to be released and assuming that they wouldn’t be able to recover, the team decided to focus on recovery, not prevention. They quickly launched a support line, a site for reporting and recovering files, and a process for dealing with similar attacks in the future. Hiring a team of four full-time employees to handle support and recovery, LifeLabs was back online in less than 24 hours.

Conclusion

LifeLabs’ data breach was a wake-up call for all medical labs. In this situation, the only way to secure patient records was to take them offline, decrypt them, and restore them. But, LifeLabs was very transparent about what happened and where it was headed after the breach. They created a blog to explain why they did what they did and what they will do to prevent it from happening again. They also shared some helpful tips for consumers to avoid the same mistakes. Finally, they offered two years of complimentary credit monitoring and identity theft protection to anyone who signed up during the breach.