Privacy commissioners in B.C., Ontario order LifeLabs to improve security

Privacy commissioners in B.C., Ontario order LifeLabs to improve security

VICTORIA — One of Canada’s largest medical services companies failed to put in place reasonable safeguards to protect the personal health information of millions of Canadians, say the privacy commissioners in B.C. and Ontario.

LifeLabs revealed last November that hackers gained access to the personal information of up to 15 million customers, almost all in Ontario and B.C., and that the company paid a ransom to retrieve and secure the data.

The breach was determined to have affected millions of Canadians and the privacy commissioners announced their joint investigation in mid-December.

A statement released Thursday by the commissioners says the breach last year broke Ontario’s health privacy law and B.C.’s personal information protection law.

The joint investigation found LifeLabs collected more personal health information than was necessary, failed to protect that data in its electronic systems and relied on inadequate information technology security policies.

B.C.’s privacy commissioner and health minister say the investigation shows that provincial legislation should be changed to allow fines against companies that don’t protect personal information.

Michael McEvoy, the information and privacy commissioner of B.C., said the size of the breach was largest he has investigated.

“This the most significant privacy breach I’ve ever seen in British Columbia as privacy commissioner and I think that our office has seen in many years,” he said in an interview.

Both the Ontario and B.C. offices have ordered LifeLabs to address shortcomings through measures that include improving its security systems and creating written policies and practices regarding information technology security.

But McEvoy said the health care company has opposed the release of the commissioners’ report on the grounds it contained confidential and privileged information.

“LifeLabs said today, in a press release, that it’s been open and transparent from the outset of this matter and we hope that in the spirit of that openness and transparency, they will drop any objections they have to the full publication of our investigation report,” he said.

B.C. Health Minister Adrian Dix backed that call.

“Public interest lies in more information being provided to build public confidence, and that’s how you respond to these things,” he said. ”LifeLabs is a great company and a great partner but what this has shown is they, and all of us, have to do better.”

LifeLabs says it has accelerated its strategy to strengthen its information security systems, including appointing a chief information security officer to lead the improvements.

The company said it has also made efforts to improve its information security management program with an initial $50 million investment and has hired a third-party service to evaluate its response.

“What we have learned from last year’s cyberattack is that we must continually work to protect ourselves against cybercrime by making data protection and privacy central to everything we do,” LifeLabs said in a statement.

Dix, who hasn’t seen the privacy commissioner’s report, said the government made changes in its contract negotiations with LifeLabs after the data breach. Those include provisions that strengthen privacy considerations and offer a place to incorporate the recommendations from the joint investigation, he added.

McEvoy also called for his office to be given the ability to fine companies who breach privacy laws, which Dix said he supported.

Ontario commissioner Brian Beamish says the breach should serve as a reminder to organizations, big and small, that they have a duty to be vigilant.

“I look forward to providing the public, and particularly those who were affected by the breach, with the full details of our investigation,” Beamish said in a statement.

The privacy commissioners said they have given LifeLabs 14 days to take them to court to oppose the release of the report.

This report by the Canadian Press was first published June 25, 2020.

The Canadian Press

Business

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Lacombe Raiders football begins delayed Spring Camp

Football players required to follow guidelines laid out by AHS

46 new COVID-19 cases reported Wednesday in Alberta

Province has completed more than 500,000 COVID-19 tests

Mary C. Moore Public Library receives reopening helping hand from Lacombe Ford

Library computer services now available by appointment

City of Lacombe planning cemetery headstone cleaning

City currently looking for volunteers

PODCAST: Black Lives Matter in central Alberta Part 2

More insight into the Black Lives Matter movement of central Alberta

PODCAST: The Expert tackles the return of sports

Cam Moon, Joe Whitbread, Byron Hackett and Todd Vaughan discuss how sports can come back

Racist slurs during Conservative leadership debate not surprising: Lewis

Racist slurs during Conservative leadership debate not surprising: Lewis

‘These kind of issues are out here’: New doc examines police violence in Calgary

‘These kind of issues are out here’: New doc examines police violence in Calgary

‘Vowed myself to silence:’ Woman says she couldn’t cope after Edmonton attack

‘Vowed myself to silence:’ Woman says she couldn’t cope after Edmonton attack

Alberta politicians swap charges of bullying, misogyny after member ejected

Alberta politicians swap charges of bullying, misogyny after member ejected

Police chiefs call for decriminalization of personal drug use

Police chiefs call for decriminalization of personal drug use

Serbia bans mass gatherings after virus lockdown protests

Serbia bans mass gatherings after virus lockdown protests

Mississippi seeing big virus outbreak in state legislature

Mississippi seeing big virus outbreak in state legislature

Most Read