Following a joint investigation by the public privacy agencies of British Columbia and Ontario, it was concluded that Lifelabs was found to have been negligent in the protection of the personal data of millions of Canadians, causing one of the largest privacy breaches ever known in Canada in 2019.
This article will also interest you: Health data protection, a headache for authorities and individuals
It is recalled that during the month of November 2019, Lifelabs publicly revealed that it had been the victim of a cyberattack. Computer incident in which cyber criminals allegedly had access to personal apartment information to nearly 15 million people who were part of its clientele. The victims of this data leak are located primarily in Ontario and British Columbia. According to information gathered from the company, the company agreed to pay the ransom demanded by the hackers. It was then that in the middle of December 2019, the privacy agencies decided together to conduct an investigation in order to clarify the case as best as possible.
And the result of this survey points to the negligence of Canadian society, which is how long one of Canada's largest medical service providers will come in. Investigators found that LifeLabs had violated all applicable privacy laws in ontario and British Columbia. Separately, data protection agencies said the health structure had gathered more information than was "reasonably necessary." Moreover, it had not provided enough protection to properly safeguard them based on safety protocols that were not adequate.
Looking at this situation, the Department of Health of Canada and Michael McEvoy, the Privacy Commissioner argued that this investigation clearly demonstrates the importance of having laws that impose huge fines on companies or other organizations that neglect their obligations to protect the information of the people entrusted to them.
According to the B.C. Privacy Commissioner, the Canadian company's data leak is one of the most important he has had to investigate. With his colleague from Ontario, they both ordered the company to do everything it could to close the security loophole and to improve these policies and practices for securing this information technology.
However, LifeLabs disputed the investigation report, meaning that the leaked information contained nothing confidential. Mr. McEvoy said: "LifeLabs said today in a statement that it is open and transparent from the beginning in this matter and it is hoped that, in the spirit of this openness and transparency, they will drop their objection to the publication of the full report of our investigation."
This statement by the Privacy Commissioner is supported by B.C. Health Minister Adriana Dix: "The public interest is based on providing as much information as possible to rebuild public confidence, and that is how this kind of situation is addressed." He later added: "LifeLabs is a great company and a great partner, but what the survey has shown is that she and all of us need to do better," he says.
For its part, the Canadian company announced that it had accelerated its strategy to strengthen its computer system. This is by hiring a director of IT security to define the new policy strategy for securing customer data. In addition to this, LifeLabs claims to have invested nearly $50 million in the organization of its new IT security policy, in addition to the in-house experts, by requesting the intervention of several third-party specialists in the field.
On the other hand, Health Minister Adrian Dix announced changes to the agreement already negotiated between the Canadian company and the government after the leak was discovered. These changes would relate to several provisions relating to a procedure for strengthening the confidentiality of information held and managed by LifeLabs, so that recommendations from the investigation report can be added.
Now access an unlimited number of passwords: