Cybersecurity Threat Advisory 002-20: LifeLabs Cyberattack & Data Breach

Advisory Overview

During October 2019, LifeLabs experienced a large-scale ransomware incident in which attackers potentially gained access to various pieces of personal information for up to 15 million customers, primarily within the British Columbia & Ontario areas of Canada. LifeLabs reportedly paid the ransom to regain access to the encrypted information, but it is uncertain whether the attackers managed to create copies of the data.
As a result, LifeLabs will be directly reaching out to users who have been confirmed as compromised and strongly encourages all users to follow its recommendations to help minimize future risks. It is possible that attackers gained access to sensitive personal information such as names, addresses, emails, logon credentials, health card numbers, and medical results. Hackers typically sell information like this on the dark web to be used for targeted attacks.

Technical detail and additional information

What is the threat?

The primary threat is the exploitation of sensitive information. The likelihood of such attacks depends on whether the attackers created any copies of the customer information they had access to. Such copies would allow attackers to simply resell the information on the dark web, which could lead to phishing, blackmail, and even identity theft.

Why is this noteworthy?

LifeLabs is one of the largest medical testing companies in Canada. Both the sheer number of customers affected and the nature of the personal information that was exposed contribute to the notoriety of this breach. If the attackers were to exploit or sell any copies of this information, it could lead to large numbers of customers falling victim to phishing attacks or identity theft.

What is the exposure or risk?

While it is currently uncertain if the attackers managed to create any copies of the customer data, they did gain unauthorized access. The largest threat is future attacks utilizing this information. These could take the form of targeted phishing attacks or identity theft. So far, up to 85,000 customers have been confirmed as compromised, with another 15 million potential users also having various details exposed.

What are the recommendations?

  • Ensure anti-malware programs are installed on all devices and are up to date.
  • Provide security awareness training to users to spot malicious emails.
  • Customers of LifeLabs should strongly consider registering for Insurance and Dark Web monitoring plans. LifeLabs is offering users affected by the breach 1 year of coverage. Additional information can be found at the following link: https://customernotice.lifelabs.com/
  • Change your logon credentials for any sites that shared either a username or password with your LifeLabs account.
  • Contact your health card provider to replace or change your health card number.

If you have any questions, please contact our Security Operations Center.