News

After a cyber attack, Canadian medical lab LifeLabs paid a ransom to recover the stolen data of 15M+ customers, which included login info and test results.(Catalin Cimpanu/ZDNet)

AdamMay 1, 2023

0 4 3 minutes read

After a cyber attack, Canadian medical lab LifeLabs paid a ransom to recover the stolen data of 15M+ customers, which included login info and test results.(Catalin Cimpanu/ZDNet)

This happened in January 2018. Canada’s largest private sector employer LifeLabs was hacked. And the hack was not a one-time occurrence; it was part of a campaign of targeted attacks on the company. The hackers demanded $17,000 in bitcoin (Bitcoin), or the data would be permanently deleted. At that point, the only way to recover the data was to pay the ransom. It was a scary situation. It turned out that the attackers were looking for a list of the top 10,000 patients. The company’s CEO, Mark Besaw, told CBC News, “It’s a horrible breach that has caused a lot of anxiety and has had a huge impact on our staff and our patients and their families.” What was the impact? According to LifeLabs, the company lost access to 15 million patient records.

What is a ransom?

According to the Federal Bureau of Investigations (FBI), a “ransom” is a demand made by a criminal organization to obtain something of value from a victim in exchange for a threat to harm that person or their loved ones. In an online context, a ransom could mean access to a victim’s email account, computer files, or data.

What would LifeLabs do differently if they had not paid the ransom?

If LifeLabs hadn’t paid the ransom, it likely would not have successfully gained access to the system’s backup data. LifeLabs could have fixed the damage and restored the site to normal if they’d gotten a copy of the backup data. LifeLabs could have done this in two ways. They could have used the time gained to back up the site’s files on their server and then uploaded the backup data to the new server. Or, they could have used the time gained to contact the FBI, the Department of Homeland Security, or another similar government agency and work with them to recover the data.

Why did Canadian medical lab LifeLab pay the ransom?

LifeLab is a major Canadian medical lab that provides blood tests and diagnostic testing for various health conditions. In June 2015, a large ransomware attack hit LifeLab’s network, holding the company hostage. The company paid $17,000 to decrypt their data after their computers and IT systems went down during the attack. When a new law took effect on April 1, 2017, the medical lab was forced to pay a ransom to decrypt its files. While there is no set amount for how much ransom should be paid, LifeLab paid CAD 50,000 for its decryption keys.

How did Canadian medical lab LifeLabs paid a ransom to recover the stolen data of 15M+ customers?

When LifeLabs found out that data from the lab had been stolen, they took immediate action. The company contacted all affected patients to alert them of the breach and assured them that their data was safe and secure. The company also contacted authorities, including the Royal Canadian Mounted Police. And when the hackers demanded money to retrieve the data, LifeLabs agreed. The ransom payment was made public and done in the hopes that the criminal would release the stolen information.

Conclusion

In conclusion, we need to be aware that the health of our patients is in our hands. No matter how advanced technology becomes, every system is impenetrable. We must be vigilant and work together to find solutions. Patients must be prepared for such incidents and ready to handle and act on them. The recent ransomware attack at LifeLabs, which held the personal information of 15M+ patients hostage, was just one of many events highlighting the importance of security in healthcare and the impact of a single breach. “The cyber attack was the largest to hit Canada and the world. The thieves made off with personal details of 15 million customers, including their health history, test results and billing details.”