Officials at LifeLabs, the largest diagnostics and testing services laboratory in Canada, recently announced they paid hackers an undisclosed ransom to retrieve more than 15 million stolen patients’ records.
The laboratory was breached last month with hackers removing patient data and requiring a ransom in order for the company to regain the records. Personal information taken in the cyberattack included names, home addresses, email addresses, username, passwords and health card numbers.
About 85,000 customers also had their medical test results exposed. Company officials said the stolen records date back to 2016 and before.
“Personally, I want to say I am sorry that this happened,” said Charles Brown, LifeLabs president and CEO. “As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.”
Brown said the servers breached by the hackers have been secured. He said the company is working with law enforcement to track down the hackers and offering a year of free identity theft protection for patients.
“I want to emphasize that at this time, our cybersecurity firms have advised that the risk to our customers in connection with this cyberattack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” he said.