Skip to content

Security experts say health care industry is prized target for cyber criminals

TORONTO — Cyber security experts say that the recent data hack at LifeLabs Medical Laboratory Services, one of Canada’s largest medical services companies, is part of a broader problem faced by the health care industry.
19853573_web1_191219-RDA-Life-labs-security-breach

TORONTO — Cyber security experts say that the recent data hack at LifeLabs Medical Laboratory Services, one of Canada’s largest medical services companies, is part of a broader problem faced by the health care industry.

LifeLabs revealed Tuesday that hackers gained access to the personal information of up to 15 million customers, almost all in Ontario and British Columbia, forcing the company to pay a ransom to retrieve and secure the data.

Raheel Quereshi, co-founder of Toronto-based consulting firm iSecurity, said Wednesday that the health care industry is a prized hacker target in recent years because victims often will pay a ransom to avoid an operational disruption.

iSecurity’s experience has been that the health care industry accounts for about the 48 per cent of the cases it has handled — although it wouldn’t reveal the identity of any of its 300 to 400 clients in Ontario.

“We completed, I think, more than 10 different cyber security responses this year, in health care. Some of them you’ve seen on the news and some of them didn’t make it to the news,” Quereshi said.

“So health care has been a big interest for the external threat agents and the hacker community.”

From the hacker’s point of view, he said, the health sector promises a good return on investment.

“The attackers are targeting health care sector more for financial gain than, really, trying to extract the information and sell it elsewhere. At the end of the day, they just want to get paid once they get in.”

Rob Martin, a vice-president for Waterloo, Ont.-based cyber security firm eSentire, agrees that criminals may move on to other victims after they’re paid — but that’s not necessarily the case.

“If someone is complacent, and doesn’t remediate or resolve the problem that caused things to happen in the first place, that threat will often times recur … and hold people hostage again.”

What’s more, Martin said, the criminals are “very opportunistic” and can find other ways to sell the information contained within the hacked database.

“On what’s referred to often as the dark web there are electronic sites … where you can buy identities and personal information quite inexpensively depending on the value of that data,” Martin said.

LifeLabs said Tuesday that the compromised database included health card numbers, names, email addresses, login, passwords and dates of birth but said it wasn’t sure how many of the files were accessed during the breach.

Privacy commissioners from B.C. and Ontario said they would examine the scope of the breach, the circumstances leading to it, and what measures LifeLabs could have taken to prevent and contain it.

Ontario’s health ministry said Wednesday that it will review the results of the commissioners’ independent investigation, including any recommendations, once released.

The ministry is also developing “concrete supports to ensure health information custodians are better able to securely manage personal health information in their custody.”

LifeLabs chief executive Charles Brown, who apologized publicly in Tuesday’s announcement about the hack, assured the public that its consultants have seen no evidence that the data has been trafficked by criminal groups.

It’s offering customers one year of free protection that includes dark web monitoring and identity theft insurance. It will also contact about 85,000 customers in Ontario whose lab results were obtained by the hackers.

However, Martin said, it’s possible that some of the personal information within any database could contain customer passwords that will give criminals access to other parts of their life such as their email, credit card or Netflix account.

Consumers can help protect themselves, he said, by avoiding simple passwords or re-using passwords for different accounts so that if one is hacked the threat can be limited.