LifeLabs failed to guard the non-public well being data of thousands and thousands of Canadians, ensuing in a “vital privateness breach,” in keeping with a joint investigation by Ontario and B.C.’s data and privateness commissioners.
Final December, the laboratory testing firm revealed it had been the goal of a big cyberattack affecting the personal data of 15 million Canadians — primarily residents of B.C. and Ontario.
The joint investigation discovered the corporate did not implement affordable safeguards to guard the non-public well being data, which violated B.C.’s private data safety legislation, Ontario’s well being privateness legislation and the Private Well being Info Safety Act.
“LifeLabs’ failure to correctly defend the non-public well being data of British Columbians and Canadians is unacceptable,” B.C. data and privateness commissioner Michael McEvoy mentioned in a press release.
“LifeLabs uncovered British Columbians, together with thousands and thousands of different Canadians, to potential id theft, monetary loss and reputational hurt.”
The outcomes of the investigation additionally discovered that LifeLabs did not have ample expertise safety insurance policies and picked up extra private data than needed.
“This investigation additionally reinforces the necessity for modifications to B.C.’s legal guidelines that permit regulators to contemplate imposing monetary penalties on firms that violate folks’s privateness rights,” McEvoy mentioned.
His counterpart in Ontario, Brian Beamish, mentioned “the breach ought to function a reminder to organizations, huge and small, that they’ve an obligation to be vigilant towards these kind of assaults.”
The Canadian laboratory testing firm has been ordered by each workplaces to implement measures to deal with these shortcomings.
In a response to the investigation’s findings, LifeLabs mentioned it can proceed to work to guard itself towards cybercrime by making information safety and privateness central to the way it operates, including it has made a dedication to its clients to work laborious to earn again their belief.
In June, the corporate introduced it had additionally employed a third-party agency to guage its response to the cyberattack, in addition to its safety techniques.
Well being minister assured in LifeLabs
Regardless of the controversy in December, B.C.’s well being minister, Adrian Dix, says the province renewed its longtime contract with LifeLabs. Nevertheless, Dix says the brand new contract contains strengthened privateness issues and the area to include the suggestions of the commissioners.
“Individuals might be assured that vital modifications have been made after they go to LifeLabs,” mentioned Dix.
“LifeLabs has been longtime companions within the [provincial healthcare] system however it’s our expectation that they do higher.”