• Products
    • CurrentWare Suite
      • AccessPatrol
        Device Control & DLP
      • BrowseControl
        Web Filter & App Blocker
      • BrowseReporter
        Workforce Analytics & Productivity
      • enPowerManager
        Power Control & Logon Tracking
    • Overview
      • Buy Now
      • Case Studies
      • Find a Reseller
      • Platform Security
      • Request a Demo
      • Self-Guided Demo
      • Reviews & Awards
  • Solutions
    • By Use Case
      • Employee Monitoring Software
      • Computer Activity Monitoring
      • Data Loss Prevention
      • Employee Investigations
      • Employee Productivity
      • Insider Threats
      • Internet Management
      • Remote Workforce
      • Security Compliance
      • Software License Optimization
      • Workforce Optimization
      • More Use Cases
    • By Industry
      • Financial Services
      • Government
      • Healthcare
      • Legal Services
      • Managed Service Providers
      • Manufacturing
      • Schools & Libraries
      • Small Business
  • Customers
    • Our Customers
      • Case Studies
      • Reviews & Awards
    • Customer Success
      • Onboarding Guide
      • Knowledge Base
      • Contact Support
      • System Requirements
  • Resources
    • Featured Resources
      • Employee Monitoring Starter Kit
      • Offboarding Data Security Guide
      • Internet Use Policy Template
      • Removable Media Policy Template
      • User Monitoring Policy Template
    • More Resources
      • Knowledge Base
      • Upgrade Deployment
      • Release Notes
      • Blog Articles
      • CurrentWare Videos
      • More Templates
  • Pricing
  • 1-888-912-9619
  • Contact Sales
  • Get Started for Free
  • Products
    • CurrentWare Suite
      • AccessPatrol
        Device Control & DLP
      • BrowseControl
        Web Filter & App Blocker
      • BrowseReporter
        Workforce Analytics & Productivity
      • enPowerManager
        Power Control & Logon Tracking
    • Overview
      • Buy Now
      • Case Studies
      • Find a Reseller
      • Platform Security
      • Request a Demo
      • Self-Guided Demo
      • Reviews & Awards
  • Solutions
    • By Use Case
      • Employee Monitoring Software
      • Computer Activity Monitoring
      • Data Loss Prevention
      • Employee Investigations
      • Employee Productivity
      • Insider Threats
      • Internet Management
      • Remote Workforce
      • Security Compliance
      • Software License Optimization
      • Workforce Optimization
      • More Use Cases
    • By Industry
      • Financial Services
      • Government
      • Healthcare
      • Legal Services
      • Managed Service Providers
      • Manufacturing
      • Schools & Libraries
      • Small Business
  • Customers
    • Our Customers
      • Case Studies
      • Reviews & Awards
    • Customer Success
      • Onboarding Guide
      • Knowledge Base
      • Contact Support
      • System Requirements
  • Resources
    • Featured Resources
      • Employee Monitoring Starter Kit
      • Offboarding Data Security Guide
      • Internet Use Policy Template
      • Removable Media Policy Template
      • User Monitoring Policy Template
    • More Resources
      • Knowledge Base
      • Upgrade Deployment
      • Release Notes
      • Blog Articles
      • CurrentWare Videos
      • More Templates
  • Pricing
  • 1-888-912-9619
  • Contact Sales
  • Get Started for Free

15 Million Health Records Leaked – Is LifeLabs Doing Enough?

January 14, 2020
LifeLabs Data Breach

In October 2019, LifeLabs – Canada’s largest diagnostic test provider – disclosed that they fell victim to a malicious ransomware attack, causing the potential leak of sensitive personal information of 15 million customers, the vast majority of these customers being located in B.C. and Ontario. The compromised data potentially includes names, addresses, emails, passwords, birth dates, health card numbers, and lab test results of LifeLabs customers.

This recent incident is not the first in LifeLabs’ history. In 2013, the medical information of 16,000 LifeLabs patients in Kamloops, British Columbia went missing following the loss of a hard drive. A history of cybersecurity negligence could prove fateful in ongoing investigations into this years’ breach.

What Is Being Done?

Following the announcement of the ransomware attack, LifeLabs published an open letter to their customers outlining the immediate impacts of the breach including details of customer data potentially affected, as well as the steps they have taken following the breach.

To mitigate the risks pending the attack, LifeLabs has:

  • Consulted cybersecurity experts to isolate and secure the affected systems and determine the scope of the breach
  • Implemented unspecified upgrades to the cybersecurity of their systems 
  • Paid the demanded ransom to have the encrypted data released
  • Opened an investigation with law enforcement
  • Offered cybersecurity protection services to all of their customers, including identity theft and fraud protection insurance

LifeLabs’ PIPEDA Responsibilities

LifeLabs’ privacy responsibilities are governed by Ontario’s Personal Health Information Protection Act (PHIPA), British Columbia’s Personal Information Protection Act (PIPA) and Saskatchewan’s Health Information Protection Act (HIPA), with each of those provincial health acts being heavily influenced by Canada’s national privacy legislature, the Personal Information Protection and Electronic Documents Act (PIPEDA). To keep things concise we will largely be focusing on LifeLabs’ responsibilities as it relates to PIPEDA.

Under PIPEDA, organizations that handle sensitive customer data are fully responsible for the protection and safe handling of their customer’s data. These organizations must monitor for breaches as part of their protection responsibilities and give proper notification if the breached information can cause a “real risk of significant harm (RROSH)”. Due to the potential identity theft risks should the compromised data be duplicated by the cybercriminals, the LifeLabs breach warrants the use of these reporting requirements.

There are specific clauses from Schedule 1 of PIPEDA that may apply to the LifeLabs breach:

  • Clause 4.7: “Personal information shall be protected by security safeguards appropriate to the sensitivity of the information”
  • Clause 4.7.1: “The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Organizations shall protect personal information regardless of the format in which it is held.”
  • Clause 4.7.2: “The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.”
  • Clause 4.7.3: “The methods of protection should include
    • (a) physical measures, for example, locked filing cabinets and restricted access to offices;
    • (b) organizational measures, for example, security clearances and limiting access on a “need-to-know” basis; and 
    • (c) technological measures, for example, the use of passwords and encryption.”

LifeLabs Facing Lawsuits Following the Breach

This breach may prove fateful for the future of LifeLabs. There are currently a minimum of two class-action lawsuits in progress against them – the first from a Toronto lawyer on behalf of five plaintiffs for $1.13 billion in potential damages and an additional $10 million in punitive damages, and the second from a British Columbia citizen affected by the breach who is seeking general and punitive damages, as well as pre- and post-judgment interest for anyone affected within the province.

In addition to the current lawsuits, LifeLabs may face heavy fines under provincial acts influenced by PIPEDA. While the exact post-breach protective measures taken by LifeLabs and the cybersecurity experts they are working with are not known, if LifeLabs’ cybersecurity infrastructure prior to the breach was not sufficient for the requirements of the acts they are governed under they are likely to incur harsh penalties. Under British Columbia’s PIPA, organizations can be fined $100,000, and under Ontario’s PHIPA, these fines can be up to $500,000.


While the future of LifeLabs is not certain, it is important that anyone affected by the breach take any steps possible to protect themselves. Affected customers should take advantage of the insurance and protection offered by Lifelabs, change their passwords, and contact their financial service providers. If evidence of identity theft if found, affected customers should file a report with their local police force and contact the Canadian Anti-Fraud Centre.

Related posts

workplace surveillance: employers that went too far
August 1, 2025

The Ethics of Employee Monitoring: 5 Real-World Examples of Overreach


Read more
Guide title: How to Disable USB Ports on Windows 11, The Complete Guide. A computer monitor displays a symbol of a USB stick with a red circle and slash through it.
July 29, 2025

How to Disable USB Ports on Windows 11: The Complete Guide (2025)


Read more

CurrentWare's data loss prevention, productivity, and security software gives you advanced control and visibility over technology use in your organization

1-888-912-9619

  • Products
    • CurrentWare Suite
    • AccessPatrol
    • BrowseControl
    • BrowseReporter
    • enPowerManager
  • Solutions
    • Data Loss Prevention
    • Employee Monitoring
    • Endpoint Security
    • Insider Threats
    • Managed Service Providers
    • Monitor Productivity
    • Office Attendance Tracking
    • Remote Workers
    • Security Compliance
    • Software License Optimization
    • Staff Investigations
    • User Activity Monitoring
    • Web Management
    • More Solutions
  • Learn
    • Block Internet Access
    • Block USB
    • Monitoring Guide
    • Monitor Web Use
    • Monitor WFH Staff
      • COMPARISONS
    • ActivTrak Alternative
    • Teramind Alternative
    • Insightful Alternative
    • More Comparisons
  • Resources
    • Join Our Newsletter!
    • Cloud Deployment
    • Find a Reseller
    • Knowledge Base
    • Onboarding
    • Release Notes
    • System Requirements
      • DEMOS
    • Free Trial
    • Overview Video
    • Request Demo
    • Self-Guided Demo
  • Company
    • About Us
    • Case Studies
    • Be a Reseller
    • MSP Program
    • Get a Quote
    • Contact Us
    • Platform Security
2025 CurrentWare. All Rights Reserved. Based in North America
|
Sitemap
|
Privacy Policy
|
Terms of Service