Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
LifeLabs, one of the largest medical testing laboratory companies in the world, is facing another class action after a cybersecurity privacy breach. The class action lawsuit emerged from what was reportedly the largest cybersecurity privacy breach in Canadian history.
LifeLabs conducts more than a third of all laboratory tests in British Columbia. LifeLabs collects identifiable client information including information that is related to the patient’s health, or the scope of the health services received by the patient. All of this stored information is highly sensitive, personal and private data.
LifeLabs was the target of a cyberattack regarding the hacking of the personal information of about 15 million of LifeLabs’ Canadian clients on or about Oct. 28, 2019.
The private and personal information of the LifeLabs clients was compromised during the cyberattack, and patient information including names, addresses, email addresses, login, passwords, dates of birth, health card numbers, genders, phone numbers, password security questions, and lab test results was revealed.
Around Dec. 17, 2019, LifeLabs issued an announcement acknowledging the cyberattack and jeopardized clients’ personal health information in an open letter. The letter disclosed the date of the breach and that the government privacy regulators had been notified on Nov. 1, 2019. The letter announced that investigations from the British Columbia and Ontario privacy commissioners were in process and that the data breach developed when hackers obtained the personal health information of 15 million Canadians from LifeLabs’ servers. LifeLabs also admitted in the letter that the company had paid a ransom in conjunction with the cyberattack.
Other reports confirmed that the breach afflicted the personal information of about 21,670 residents of Alberta, 93,000 residents of Saskatchewan, and 2,900 residents of Yukon. The residents of Manitoba and the Northwest Territories were also impacted by the cyberattack, but the exact number of residents affected is currently unknown.
In addition to the investigations in Ontario and British Columbia, further investigations were initiated by privacy regulators in Alberta and Saskatchewan.
Personal health information is profoundly sensitive material and when it’s compromised it’s considered a violation of individual privacy. Private health data information has also been given the highest value in the black market and jeopardized personal health information has lasting effects for those involved. For these reasons, clients’ health information needs special protection from hackers.
The action states that the defendants, LifeLabs,” intentionally, willfully, and recklessly failed to have proper information technology (“IT”) protection in place to protect the personal information of the proposed class. LifeLabs knew it was a valuable target for hackers and ransomware. LifeLabs knew its IT security was inadequate and vulnerable to hackers.”
The LifeLabs cybersecurity privacy breach class action lawsuit continues to say that LifeLabs should have had multiple, redundant, and regularly updated IT security measures properly engaged, including the use of encryption to ensure the safety of the personal health data from being stolen from hackers during a cyber attack. If the information was encrypted, the stolen data would be unattainable and useless to hackers.
Additionally, LifeLabs’ payment of a ransom to the unidentified criminal hackers, linked with only one year of free credit protection services brings neither short-term or long term protection, and it does not remedy the situation for class members.
According to the LifeLabs cybersecurity privacy breach class action, LifeLabs should have had at a minimum: Encrypted personal information in storage, encrypted personal health information should have been accessible on a record-by-record basis only, and multi-factor authentication should have been mandatory for employee user accounts. Other actions that have been noted include master password encrypted databases that are protected and accessible to only a limited number of employees, an appropriate network segmentation, proactive network monitoring processes, and advanced endpoint detection and response tools.
These measures, if they are all implemented at once provide a relentless buffer against attacks. If one measure fails in a cyber attack, another measure may stop hackers from getting any further, and therefore is still capable of protecting the clients’ personal information. The LifeLabs cybersecurity privacy breach class action claims that if these precautions were taken by LifeLabs then 15 million Canadians personal health data would not have been compromised.
The plaintiff, both on her behalf and the behalf of the class members, is seeking damages in the amount of $100 million for breaches of privacy, negligence, intrusion upon seclusion, breach of contract, and engaging in unfair practices. Furthermore, the action seeks $25 million in punitive damages.
Are you one of the 15 million patients that were affected by the LifeLabs cybersecurity privacy breach? Tell us your story in the comment section below!
The plaintiff is represented by Brent B. Olthuis and Julia E. Roos of Hunter Litigation Chambers and Sotos LLP.
The LifeLabs Cybersecurity Privacy Breach Class Action Lawsuit is Donna Olson v. LifeLabs Inc., et al., Case No. S203198, in the Supreme Court of British Columbia, Canada.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
8 thoughts onLifeLabs Facing Class Action Lawsuit After Cybersecurity Privacy Breach
Please add me to this class action suit.
I spent many sleepless nights after I was notified of the breach, for two reasons. First because my personal details and private medical information were at risk, and secondly because “someone” had access to that information for a long time before I was notified! Who knows what was, or will be, done with it? I have changed my account information every which way I can think of, and pray that it’s enough.
Received notification of breach.
They said to change my password.
I have used then and would like to join
Wow I really felt that my informations was safe with LifeLabs ,I received and email with life labs letting me know that the clients using life labs did get hacked and potentially my information was possibly stolen .They need to have a better security network system to prevent this from happening again and yes I would also like to be included in this class action
I recall, quite vividly, how shocked and dismayed we were upon hearing about the breach at Life Labs. The fact that the breach happened is extremely upsetting, however, keeping it from public knowledge is nothing short of reprehensible.
Hello. We recall the breach of Life Labs. We used this Lab many times as that is where my doctor’s office is. When I heard of the breach, I stopped going there and now use Dyna-Care (even though I was able to see my test results online and paid an annual fee for this service)
it is definitely worrisome that someone would access our personal information.
Can we participate in this class action suit?
Hello. We recall the breach of Life Labs. We used this Lab many times as that is where my doctor’s office is. When I heard of the breach, I stopped going there and now use Dyna-Care (even though I was able to see my test results online and paid an annual fee for this service)
it is definitely worrisome that someone would access our personal information.