News Insights: LifeLabs pays ransom after cyberattack exposes information of 15 million customers | CBC News

Canadian laboratory testing company LifeLabs has been hit by a cyberattack targeting millions of its customers

“There have been many breaches that have impacted many Canadians this past year.  This latest one hits a little closer to home as it directly impacts the medical records of our families and loved ones.  While some of the information compromised cannot be changed, there is some due diligence that consumers can take.   If one’s login credentials used to access the LifeLabs portal are used on other sites, it is a good idea to change those passwords as well as consider using a password manager moving forward.  Where possible, it is also a good idea to enable multi-factor authentication.”

Mounir Hahad, head of Juniper Threat Labs at Juniper Networks:

“This kind of breach has become rather commonplace, unfortunately. Your information does not need to be leaked multiple times – one leak is enough for your personal information to be forever compromised. So it’s hard to understand the motive behind companies that pay a ransom to prevent online leakage, as there is absolutely no guarantee the perpetrators will abide by their word to not resell information on the dark web. By paying them, companies are only financing their future operations and sending a signal to other groups that this kind of activity pays off. Given there was no imminent risk of loss of life or major disruption of a public service, the payment was ill-advised.”

Willy Leichter, VP of Marketing, Virsec:

While this breach may not sound huge compared to other mega-breaches in the news, it represents almost 40% of the entire population of Canada. There are several things that make this breach troubling – Canada has been a leader in creating strong privacy laws, yet the existence of these laws, disclosure requirements and potential fines, doesn’t seem to motivate many companies enough to properly protect their data. Also, while LifeLabs seems to have reported this breach promptly after discovering it, the data was stolen three years ago – highlighting the lack of real-time threat visibility for most organizations. Finally, they reportedly paid the hackers to “return” their data. This implies that their data was not adequately backed up, and paying ransoms – while understandable on an individual basis, rewards the hackers and perpetuates this endless stream of ransomware attacks. And it’s almost guaranteed that while the hackers may have returned the data, they also sold it on the Dark Web.

Raphael Reich, VP of Marketing, CyCognito:

“Organizations reacting to a breach, or working hard to prevent one, would be served well by undertaking a thorough examination of their attack surface to discover the sorts of un- or under-protected Internet-facing entryways into the organization that typically go undetected by IT and security teams, yet are easily discovered by attackers. These conduits into the organization are blind spots for IT and security teams because the assets may not be managed by, even known to, these teams. IT assets such as cloud-based servers, DevOps platforms, and partner networks that connect to an organization, but are outside their full control, are all examples. These “shadow risks” offer an open and tempting pathway to an attacker. That is why it’s imperative for organizations to map their attack surface, expose that shadow risk, and eliminate any critical attack vectors before attackers leverage them.”

James McQuiggan, Security Awareness Advocate, KnowBe4:

“Organizations responsible for collecting and maintaining sensitive information, like healthcare records, need to have elevated security protocols to protect the information to reduce the risk of having it stolen by criminals. While there’s no shortage of data protection tools like encryption, MFA, defense in depth, these should be strongly considered when protecting the sensitive and important data within an organization.  If the organization is unable to implement these controls due to budgetary issues, there should be a strong awareness training program for the employees to recognize the common attacks. Until healthcare organizations consider cyberattacks on the same level as fighting germs, breaches will continue to occur. Consumers will want to monitor their accounts and be vigilant of spear phishing emails. Criminals in possession of the stolen data will create emails to trick them to reset their passwords through a malicious website and mention that their DNA information has been compromised.”

Javvad Malik, Security Awareness Advocate, KnowBe4:   “There are few details available at the moment, so it’s difficult to say how the breach occurred. All that we know at the moment is that an unauthorised third party managed to gain access to a large dataset of customer information. It looks like the criminals were successfully able to extort money from LifeLabs, but paying criminals is no guarantee they won’t re-sell the data, or use it to compromise users further. So customers should be wary of any emails they receive, particularly ones which may claim to be from LifeLabs. Additionally, customers should take advantage of any identity theft protection that is offered and keep an eye on their credit records.”

Mike Jordan, VP of Research, The Shared Assessments Program:

“Companies find themselves in a difficult situation. It’s well known that it’s only a matter of time until any given company gets hacked. However, when breaches happen in the scale like this, it demands investigation to determine whether the company took reasonable precautions. 15 million Canadians affected is over 40% of all Canadians. If an organization can carries this amount of sensitive data, perhaps regulatory organizations should consider these organizations in a special category that requires additional oversight and outside assistance.”

Warren Poschman, senior solutions architect at comforte AG:

“Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional targets but security often lags due to the focus on, in the case of healthcare, patient care over IT. LifeLabs must surely have an enormous treasure of sensitive data, so besides improving their perimeter defense, they should explore a data-centric security approach. That way, they could pro-actively protect their data against breaches instead of playing constant catch up in terms of addressing the many different root causes that can lead to cyber incidents.”

Brian Higgins, security specialist at Comparitech:

“This appears to be a successful extortion attack upon LifeLabs given that they have paid their criminal attackers to have the stolen data returned. Only after thorough investigation by the relevant authorities will this be confirmed and until then there remains the possibility that other cyber criminals may be in possession of the data. The compensatory offer of free Dark Web monitoring and password advice are a nice touch but by far the most critical threat to LifeLabs customers is further exploitation by criminal organizations. The entire consumer community will understandably be worried that their personal, medical data has been breached and it is this concern that makes them vulnerable to further criminal attack. Under no circumstances whatsoever should any current or previous customers respond to any unsolicited communication from LifeLabs.  Criminals will call or email purporting to be offering legitimate help but their sole aim is to play on people’s fear to make them give up their personal information. This could be logon credentials, passwords, payment information or any other data they can use to commit more crimes. Any contact whatsoever should be referred back to LifeLabs for confirmation and forwarded or reported to law enforcement immediately. This attack will have serious personal impact upon all of those involved. It would be tragic if the consequences were compounded by victims sharing even more personal information.“