You would have to be in denial not to be worried about the recent LifeLabs hack of the personal health information of 15 million Canadians.
Both the experts commenting on the ransomware attack and the company’s CEO have done nothing to allay our concerns.
It’s bad enough that the information was not locked down to prevent an attack and it appears the information, such as names, addresses and personal health numbers, likely ended up in the wrong hands.
We’re supposed to be comforted by statements that the information hasn’t shown up — so far — on the dark web and that identity-theft protection and insurance is available for LifeLab customers for up to one year.
Without more details, it’s hard to know exactly what happened and how, but experts surmise the information was encrypted to deny access and, once the ransom was paid, access was again provided.
It’s worrying that ransom had to be paid because payment may only encourage more such criminal activity.
Apparently, the hack took place several weeks ago but we only learned about it recently once a plan had been put in place and the system locked down.
No one is coming out of this breach with a clean record. LifeLabs, of course, looks bad and has been roundly criticized by both the Ontario and B.C. information and privacy commissioners.
The commissioners are investigating the scope of the breach, circumstances leading up to it and what, if any, measures LifeLabs could have taken to prevent and contain the breach.
But while necessary, this investigation is a bit like closing the barn door after the horse has escaped.
What we are learning now is that the information held by LifeLabs should have been encrypted so that even if it was hacked, it couldn’t be used. What’s more, it appears that with each breach of banking and other information, hackers figure out new ways to attack public bodies for private gain.
Even B.C. Health Minister Adrian Dix looked relatively chagrined when he revealed how and when the cyber attack occurred and explained why the details were withheld from the public for so long.
But as many have suggested, governments need to do more to pass tougher laws to ensure the protection of private data, with costly fines to go along with them. They must also ensure their own information is protected to the highest level.
As for the company, LifeLabs must provide a strong guarantee that information is safe. It will not easily regain the public’s confidence.
QUESTION: Are governments doing enough to protect our private data? Vote here.