sa国际传媒

Skip to content
Join our Newsletter

sa国际传媒 clients of LifeLabs plan lawsuit over data breach

LifeLabs clients in sa国际传媒
CPT12036294.jpg
LifeLabs signage is seen outside of one of the lab's Toronto locations, Tuesday, Dec. 17, 2019. THE CANADIAN PRESS/Cole Burston

LifeLabs clients in sa国际传媒 and Ontario have filed notices of claim in the courts seeking to launch class-action lawsuits against the diagnostic testing firm after revelations that it suffered a data breach involving 15 million patients, mostly in those provinces.

The company revealed this week that it discovered its systems had suffered an unauthorized access and the intruder might have had access to names, addresses, email, logins, passwords, dates of birth and health-card numbers, as well as test results for 85,000 Ontario residents from 2016 and earlier.

In the notice of claim filed in sa国际传媒, retired computer technician Kenneth Morrison argues that LifeLabs 鈥渇ailed to implement sufficiently strong encryption and security safeguards to prevent the personal information from being subject to unauthorized access.鈥

The company 鈥渇ailed to treat privacy and security as its top priorities,鈥 according to the claim, filed by Morrison鈥檚 lawyer, David Aaron, seeking to register the lawsuit as a class action for all of LifeLabs customers in sa国际传媒, which could be most British Columbians.

Health Minister Adrian Dix said LifeLabs, sa国际传媒鈥檚 largest private provider of medical tests, does about one-third of all diagnostic tests for the provincial health system, 34 million procedures in 2018, and the province has 鈥渧ery high expectations of LifeLabs as our partner.鈥

鈥淭he privacy aspects of our agreements with LifeLabs are very significant,鈥 Dix said this week. 鈥淚t is a major challenge in the world we live in.鈥

However, the delay in informing the public of the LifeLabs breach, which happened in October but wasn鈥檛 made public until Tuesday, indicates a need to tighten up Canadian rules for disclosure, according to a Simon Fraser University cybercrime expert, Richard Frank.

鈥淎 lot of things can happen in two months,鈥 when members of the public are unaware of risks to their data, Frank said.

LifeLabs is now offering patients a security package that includes a year of free credit monitoring and identity-theft protection, but Frank, a LifeLabs client, said: 鈥淗ad I known two months ago, I could have changed passwords.鈥

Dix said LifeLabs reported its data incursion to the province Oct 28. 1, and sa国际传媒 knew by Nov. 7 that data of British Columbians was involved.

He added that the only reason LifeLabs was granted a delay in disclosing the breach publicly 鈥渨as to ensure that the information that hadn鈥檛 been compromised wouldn鈥檛 be compromised.鈥

Regulations in provincial policy manuals make 鈥渁ll employees, contractors and others鈥 who have access to data, including personal information, responsible for its security. Security includes 鈥減rotection of personal data, systems, documentation, computer-generated information and facilities from accidental or deliberate threats to integrity or availability,鈥 according to the regulations.

However, Frank said some jurisdictions, such as the European Union through its General Data Protection Regulation and California with its Consumer Privacy Act, have tighter requirements for disclosure.

鈥淲e need something like that here,鈥 Frank said.

Improving on data protection is becoming more critical as the technology we use, such as smartphones, generate enormous amounts of it, said Scott Morrison, chief technology officer for the digital security firm PHEMI Systems.

鈥淧eople expose huge amounts of information as they go through their lives leaving behind this digital exhaust,鈥 Morrison said.

The biggest mistake that large organizations make is to rely on the traditional 鈥渇ortress model鈥 of security in which 鈥測ou have a strong wall around the inner keep,鈥 using firewall devices, Morrison said, 鈥渁nd you assume your entire defensive posture is about keeping bad guys from getting in.鈥

Instead, companies should build compartments inside their data fortresses and adopt measures such as the encryption of stored data to protect it.