On December 17, 2019, LifeLabs publicly announced a cyberattack it incurred that resulted in unauthorized access to customer information. LifeLabs indicated that the information “could include name, address, email, logins, passwords, date of birth, health card numbers, gender, phone numbers, password security questions and lab test results.”
LifeLabs said the information relating to approximately 15 million customers was potentially affected by this breach and that the “vast majority of these customers are in B.C. and Ontario”. LifeLabs also said that a relatively small number of customers in other provinces may have been affected, including Albertans.
The OIPC has since confirmed with LifeLabs that 21,670 Albertans were potentially affected by this breach.
LifeLabs operates four business divisions – LifeLabs, LifeLabs Genetics, Rocky Mountain Analytical and Excelleris. LifeLabs said, “If you have visited a LifeLabs for a test or received a test/service from LifeLabs Genetics and Rocky Mountain Analytical, then it is likely your information is in our database.”
Anyone who believes that their personal or health information may have been affected by this breach is encouraged to contact LifeLabs for more information. LifeLabs has a dedicated phone line for responding to this incident, which can be contacted at 1-888-918-0467. LifeLabs also has more information on its website at customernotice.lifelabs.com.
The OIPC has opened an investigation into this breach to determine whether LifeLabs has complied with its obligations under the Health Information Act and/or the Personal Information Protection Act in responding to this breach. Due to a variety of factors, a timeline for this investigation is not known and a public report may be issued.