Advisory Overview
Technical detail and additional information
What is the threat?
Why is this noteworthy?
LifeLabs is one of the largest medical testing companies in Canada. Both the sheer number of customers affected and the nature of the personal information that was exposed contribute to the notoriety of this breach. If the attackers were to exploit or sell any copies of this information, it could lead to large numbers of customers falling victim to phishing attacks or identity theft.
What is the exposure or risk?
While it is currently uncertain if the attackers managed to create any copies of the customer data, they did gain unauthorized access. The largest threat is future attacks utilizing this information. These could take the form of target phishing attacks or identity theft. So far up to 85,000 customers have been confirmed as compromised with another 15 million potential users also having various details exposed.
What are the recommendations?
- Ensure Anti-Malware programs are up to date and that all devices have it installed.
- Provide security awareness training to users to spot malicious emails.
- Customers of LifeLabs should strongly consider registering for Insurance and Dark Web monitoring plans. Lifelabs is offering to users affected by the breach for 1 year of coverage. Additional information can be found at the following link: https://customernotice.lifelabs.com/
- Change your logon credentials for any sites that shared either a username or password with your LifeLab account.
- Contact your Health card provider to replace or change your Health card’s number.
References:
For more in-depth information about the recommendations, please visit the following links:
- https://www.cbc.ca/news/technology/lifelabs-data-breech-security-ehealth-1.5400817
- https://www.lifelabs.com/lifelabs-releases-open-letter-to-customers-following-cyber-attack/
- https://www.cybersecurity-insiders.com/lifelabs-canada-hit-by-a-ransomware-attack/
- https://customernotice.lifelabs.com/
If you have any questions, please contact our Security Operations Center.