Lab test results stolen in hack of 15 million patients' records

Lab test results stolen in hack of 15 million patients' records

An open letter from a medical testing company is never a good thing.

A Canadian company specializing in administering laboratory tests, LifeLabs, announced on Dec. 17 that it had been the victim of a data breach affecting up to 15 million customers. And yes, at least some of those patients' test results were reportedly accessed by the unnamed culprits.

While a lot of questions still remain, what details we do have aren't exactly reassuring. For example, LifeLabs claims it discovered the breach in October, but says it's only notifying patients now in mid-December — after hiring outside security experts — because it wanted to make sure it understood the scope of the mess.

That it took over a month to determine that scope perhaps speaks to what a mess it is.

According to the company's announcement, hackers could have accessed customers' names, addresses, emails, login credentials, passwords, birthdays, health card numbers, and lab test results.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Although, it should be noted, LifeLabs insists that only 85,000 customers may have had their test results accessed. Oh, phew.

Tweet may have been deleted

Interestingly, LifeLabs claims that, following the hack, one of the measures it took to protect its customers was "Retrieving the data by making a payment."

It's not clear how LifeLabs could have ensured that any stolen data, once retrieved, was truly deleted. Although, to be fair, such a move wouldn't be unprecedented.

Another possibility, one that went unmentioned in the breach announcement, is that LifeLabs was the victim of ransomware. For the blissfully unaware, ransomware is a type of malicious software that encrypts a victim's data. Once encrypted, the very hackers that infected the victim's system promise to decrypt it — for a price. This would, at the very least, explain that rather odd "payment."

LifeLabs is offering customers "Dark Web Monitoring," "Identity theft insurance," and "TransUnion credit monitoring alerts," though we imagine that won't placate those affected.

SEE ALSO: 100 million Americans' data accessed in massive Capitol One hack

"While we’ve been taking steps over the last several years to strengthen our cyber defenses," wrote LifeLabs president and CEO Charles Brown, "this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors."

Indeed.