Another large organization in North America has paid a ransomware demand, as cyber criminals increasingly turn to ransomware as a lucrative enterprise.
In an open letter to customers obtained by CBC, Charles Brown, the president and CEO of LifeLabs, Canada’s largest lab testing company, wrote that the information of about 15 million customers was “potentially accessed in this breach.” Names, addresses, email, login, passwords, date of birth, health card number and lab test results were all potentially breached.
LifeLabs got the data back by making a payment to the criminals, according to the letter.
“We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals,” the letter said, adding that the issues have been “fixed” and the company is working to put additional safeguards in place.
The risk to customers is low, Brown claimed, adding that the company has not seen any disclosure of customer data in places like the dark web.
Customers who are concerned about their data will be able to receive one free year of protection that includes dark web monitoring and identity theft insurance, the CEO said in the letter.
But one cybersecurity expert says that shouldn’t necessarily be reassuring.
“The compensatory offer of free Dark Web monitoring and password advice are a nice touch but by far the most critical threat to LifeLabs customers is further exploitation by criminal organizations,” Brian Higgins, security specialist at Comparitech, told Fox News in a statement.
Security software firm Emsisoft believes the plague of recent attacks “elevates the ransomware threat to crisis level,” according to a recent company-issued report.
According to the report, the U.S. in 2019 has been hit by an unprecedented wave of ransomware attacks, totaling 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. Of those 948 entities, a whopping 759 of them are healthcare providers, Emsisoft added.
Companies in the healthcare industry are especially vulnerable, according to experts.
“Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional targets but security often lags due to the focus on…patient care over IT,” Warren Poschman, senior solutions architect at comforte AG, told Fox News in a statement.
Comparitech’s Higgins has some advice for customers. “Under no circumstances whatsoever should any current or previous customers respond to any unsolicited communication from LifeLabs,” he said.
“Criminals will call or email purporting to be offering legitimate help but their sole aim is to play on people’s fear to make them give up their personal information,” Higgins added. “This could be logon credentials, passwords, payment information or any other data they can use to commit more crimes.”