I’m a Lifelabs customer who gets blood work regularly tested.
This morning (Saturday), I received an email that started out this way: “You may have heard that LifeLabs recently experienced a cyber-attack involving unauthorized access to some of its computer systems with customer information that could include name, address, email, logins, passwords, date of birth, health card numbers, gender, phone numbers, password security questions and lab test results.”
Yeah, I heard about the data hack, but that was announced on Dec. 17, 2019.
It’s Jan. 11, 2020 and you’re just now emailing clients to tell them about one of our nation’s worst data breaches? I’m a journalist so of course I’ve heard about this. But what about all of the customers who don’t follow the news closely? I wish there weren’t people out there who don’t follow the news, but there are.
Clients should have received an email back in December. It’s just another misstep for a company that doesn’t seem to know what it’s doing.
This is Canada’s largest medical laboratory diagnostic testing services company.
The email also included this beauty of a sentence: “Our investigations indicate that the cyber-attack involved potential access to LifeLabs’ old online appointment booking system, but didĚýnotĚýinvolve access to the newĚýmy ehealthĚýpatient portal used to access test results.”
LifeLabs underlining the word “not” is their way of trying to spin this as some sort of victory for their new system or a kind of positive. Great, but it doesn’t really matter because cyber-attackers were still able to hack into their system. People’s data was still exposed.
The LifeLabs email also mentions about the risks to clients being “low” – another attempt to downplay what happened.
I hate when companies try and spin some sort of positive news out of a bad situation.
And, make no mistake, this is bad.
Follow Chris Campbell on Twitter @shinebox44
Ěý