Getty Images/iStockphoto

LifeLabs Hit With Several Lawsuits Over Data Breach of 15M Patients

In December, the Canadian testing giant reported it paid cybercriminals to retrieve the data of 15 million patients; those breach victims have filed several lawsuits, claiming failure to adequately secure data.

LifeLabs is potentially facing a class-action lawsuit after a several civil lawsuits were filed against the testing giant in a British Columbia Court, following reports that the data of 15 million patients was stolen and retrieved by the company after a systems breach, according to local news outlet Vancouver Sun.

Two other patients have also filed lawsuits against LifeLabs following the massive security incident.

In mid-December, Canada-based LifeLabs reported it discovered unauthorized system access on November 1. An investigation revealed the breached systems contained the data of 15 million patients, such as contact details, lab results, and health card numbers, which were potentially accessed during the security incident.

What’s more, officials said they paid the cybercriminals to retrieve the data, as part of a “collaboration with experts familiar with cyberattacks and negotiations with cybercriminals.” LifeLabs has since bolstered its security, as it continues to investigate the breach with help from law enforcement.

The lawsuits argue that LifeLabs failed to adequately protect the sensitive data of its clients, claiming the testing giant was negligent, breached contract, and violated patients’ confidence and consumer and privacy protection laws.

Further, the breach victims claim that LifeLabs failed to implement adequate security measures and controls to effectively detect and respond to threats and risks to the personal and health information of its patients.

In fact, the lawsuit claims that LifeLabs did not have “any, adequate cybersecurity measures,” including failing to hire or train the workforce tasked with network security management, storing personal data, or network and servers. The breach victims also claim LifeLabs did not encrypt their data.

Attorneys are proposing the lawsuit be filed as class-action for all of the British Columbia patients impacted by the breach, claiming LifeLabs’ failures exposed victims to a heightened risk of identity theft, mental distress, and extortion.

According to the suit, “LifeLabs had a duty to use reasonable care to protect the privacy of its patients… [however], breached its duty to the class members resulting in the breach of their privacy.”

The attorneys are asking for $1.1 billion in compensation given the victims’ claims of damage to credit reputation and wasted time, such as changing passwords, applying for new social insurance numbers, and notifying financial institutions.

Health data breach lawsuits are becoming increasingly common. In December alone, the Supreme Court of Georgia revived a breach lawsuit against Athens Orthopedic Clinic, DCH Health was sued after its 10-day ransomware attack, Kalispell Regional Healthcare was hit with a breach lawsuit, and breach victims filed a lawsuit against Solara Medical.

Dig Deeper on Cybersecurity strategies