LifeLabs Failed to Secure Privacy
CBJ — A joint investigation by the Ontario and British Columbia information and privacy commissioners has concluded that LifeLabs failed to protect the personal health information of millions of Canadians, resulting in a significant privacy breach of classified data.
In December, 2019, LifeLabs admittted it had been the victim of a cyberattack, resulting in the personal files of 15 million Canadians being compromised. The vast majority of the people whose files were possibly compromised reside in Ontario and B.C.
The commissioners have determined the laboratory testing company did not meet the minimal threshold of ensuring reasonable safeguards against a cyberattack.
“LifeLabs’ failure to properly protect the personal health information of British Columbians and Canadians is unacceptable,” B.C. information and privacy commissioner Michael McEvoy said in a statement. “LifeLabs exposed British Columbians, along with millions of other Canadians, to potential identity theft, financial loss and reputational harm.”
“The breach should serve as a reminder to organizations, big and small, that they have a duty to be vigilant against these types of attacks,” said Ontario privacy commissioner Brian Beamish.
It is not yet known what penalties or fines LifeLabs may face as a result of the findings.