Health Diagnostic Company Pays Ransom to Secure Data Stolen from Millions of Customers
Canadian health diagnostics company LifeLabs is the latest company to learn a painful lesson in data security after being forced to pay hackers a hefty ransom in order to secure sensitive data stolen from nearly 15 million of its customers.
LifeLabs recently revealed in an open letter to its customers that the company had been the victim of hackers who gained access to its computer systems. The computer systems contained highly sensitive customer information such as home addresses, passwords, birthdays, health card numbers, and even lab results.
The hackers demanded a ransom, which the company admitted to paying after discussion with cybersecurity experts, in an effort to minimize the risk of having the data exposed. Neither the origin of the attack nor the identity of the hackers have been revealed.
Fortunately, it appears the paying of the ransom was effective, as LifeLabs has stated that it consulted with cybersecurity firms who have not yet been able to find any public disclosure of the customer data online, including on the dark web or other online locations.
The attack, which was discovered back in October, was not disclosed to the public until late December.
When asked why there was such a delay in relaying this information to the public, Canada’s Health Minister Adrian Dix told the media that the attack was not disclosed right away as there was concern about a potential secondary attack.
“The only reason there was a delay was to ensure that information that hadn’t been compromised wouldn’t be compromised, and that information that could be protected would be protected,” he said.
Unfortunately, this isn’t LifeLabs’ first experience with a data breach, as the company had previously lost track of a computer hard drive containing information for more than 16,000 patients.
How to Prevent This from Happening to You
Regardless of industry, any business is vulnerable to a cyber attack without the proper safeguards in place.
So, instead of waiting for an attack to happen as it did with LifeLabs be diligent with the following:
- Keep all computer systems and software updated regularly
- Be careful when checking phishing emails
- Don’t click on any strange links or emails that look concerning
- Carry out frequent offsite backups
- Implement Multi-Factor Authentication (MFA)
Also, make sure you have a disaster recovery plan in place to protect your company along with customer data.
Your business continuity plan will help you maintain regular business operations during a crisis and should incorporate ransomware defences and reliable backup systems to keep your business protected in the event of an attack.
Partner with IDS Systems
When it comes to customer data, the risk of a potential breach is far too high to handle disaster recovery on your own. So, when developing a business continuity plan, turn to the experts at IDS Systems who will make sure your data is always protected in the event of a cyberattack or data breach.
IDS Systems offers reliable solutions to protect and support your network infrastructure and security, such as IDS DataGuard™. With DataGuard, you will gain access to complete backup, recovery, business continuity, and disaster recovery capability all in one, and keep data losses to as brief as 30 minutes.
To learn more about our solutions or for assistance with data protection and other security measures, contact the experts at IDS Systems today.