
Northern Light

For most of you here, if you've had a blood test done or other similar outpatient test, there's a really good chance it's been done by LifeLabs.

They are by far the largest medical testing lab system in Ontario and BC.

15,000,000 people's information has been compromised, including Name, Address, Phone numbers and Health Card numbers.

That's almost 40% of the population of the country!

****

What kind of asinine decision making leaves info like this exposed to external access, unencrypted????

Article here:

 
Article on this in The Star:


Pertinent Info from above:

- Lab test provider LifeLabs says it paid a ransom to secure data, including test results from up to 85,000 Ontarians, that was stolen in a data breach in late October.

- The hackers also obtained personal information of an unknown number of its 15 million Canadian customers — based mostly in Ontario and British Columbia — including health card numbers, names, email addresses, login, passwords and dates of birth.

- LifeLabs advised by cyber security firms that the risk to customers is low and it has not seen any public disclosure of customer data as part of its investigations.

- It is offering customers one free year of protection that includes dark web monitoring and identity theft insurance.
 
How can hackers steal the passwords? Whenever I try to retrieve my password from any site the system always refuses, instead it resets your password. This is supposedly because the website operator doesn't know your password.

Of course they can - passwords have to be stored somewhere on the server - as is (bad practice) or salted and hashed. Just because a site doesn't allow password retrieval (a policy) doesn't mean that the file underlying it can't be accessed.

AoD
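
The storage scheme described in the post above, as an added example that is not part of the thread (the user names, passwords and iteration count are constructed for illustration): a server holding only salted hashes cannot hand a password back, yet whoever holds the stored file can still check guesses against it, so weak passwords remain exposed after a breach.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # illustrative work factor, an assumption of this example


def make_record(password: str) -> dict:
    """What the server keeps at signup: a random salt and a slow hash, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(record: dict, attempt: str) -> bool:
    """Login check: recompute the hash from the attempt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def weak_records(db: dict, common_passwords: list) -> list:
    """Defender-side audit: accounts whose stored hash matches a known-common password.
    The same check works for anyone holding a copy of the file, which is why
    a breach forces resets even when nothing was stored in plaintext."""
    return sorted(
        user for user, rec in db.items()
        if any(verify(rec, pw) for pw in common_passwords)
    )


def build_sample_db() -> dict:
    """Constructed sample accounts; alice and bob share one weak password."""
    return {
        "alice": make_record("password123"),
        "bob": make_record("password123"),
        "carol": make_record(secrets.token_urlsafe(24)),
    }


if __name__ == "__main__":
    db = build_sample_db()
    # Same password, different salts: the stored hashes do not match each other.
    print("alice == bob hash:", db["alice"]["hash"] == db["bob"]["hash"])
    # There is no function that turns a record back into a password; only guesses can be tested.
    print("flagged by audit:", weak_records(db, ["123456", "password123"]))
```
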
 
Why they didn't have their servers encrypted is beyond me.

The CEO didn't know the answer to being asked if the servers were encrypted or not.

Overpaid, if you ask me. You hear that, @BurlOak? Over.Paid. ;)

I'm not concerned. I purposely sabotaged my credit rating to ward off any potential financial losses from all this sort of internet malfeasance and no one cares that my triglyceride levels are optimal.
 
Why they didn't have their servers encrypted is beyond me.
The CEO didn't know the answer to being asked if the servers were encrypted or not.

Him not knowing the answer right off is one thing; him not asking to make sure he has the answer is another. Sounds like the government needs to move medical testing back in-house if the private sector can't get its act together for something as basic and fundamental as this.

AoD
 
