Security experts say health care industry is prized target for cyber criminals

TORONTO — Cyber security experts say that the recent data hack at LifeLabs Medical Laboratory Services, one of Canada’s largest medical services companies, is part of a broader problem faced by the health care industry.

LifeLabs revealed Tuesday that hackers gained access to the personal information of up to 15 million customers, almost all in Ontario and British Columbia, forcing the company to pay a ransom to retrieve and secure the data.

Raheel Quereshi, co-founder of Toronto-based consulting firm iSecurity, said Wednesday that the health care industry is a prized hacker target in recent years because victims often will pay a ransom to avoid an operational disruption.

iSecurity’s experience has been that the health care industry accounts for about the 48 per cent of the cases it has handled — although it wouldn’t reveal the identity of any of its 300 to 400 clients in Ontario.

“We completed, I think, more than 10 different cyber security responses this year, in health care. Some of them you’ve seen on the news and some of them didn’t make it to the news,” Quereshi said.

“So health care has been a big interest for the external threat agents and the hacker community.”

From the hacker’s point of view, he said, the health sector promises a good return on investment.

“The attackers are targeting health care sector more for financial gain than, really, trying to extract the information and sell it elsewhere. At the end of the day, they just want to get paid once they get in.”

Rob Martin, a vice-president for Waterloo, Ont.-based cyber security firm eSentire, agrees that criminals may move on to other victims after they’re paid — but that’s not necessarily the case.

“If someone is complacent, and doesn’t remediate or resolve the problem that caused things to happen in the first place, that threat will often times recur … and hold people hostage again.”

What’s more, Martin said, the criminals are “very opportunistic” and can find other ways to sell the information contained within the hacked database.

“On what’s referred to often as the dark web there are electronic sites … where you can buy identities and personal information quite inexpensively depending on the value of that data,” Martin said.

LifeLabs said Tuesday that the compromised database included health card numbers, names, email addresses, login, passwords and dates of birth but said it wasn’t sure how many of the files were accessed during the breach.

Privacy commissioners from B.C. and Ontario said they would examine the scope of the breach, the circumstances leading to it, and what measures LifeLabs could have taken to prevent and contain it.

Ontario’s health ministry said Wednesday that it will review the results of the commissioners’ independent investigation, including any recommendations, once released.

The ministry is also developing “concrete supports to ensure health information custodians are better able to securely manage personal health information in their custody.”

LifeLabs chief executive Charles Brown, who apologized publicly in Tuesday’s announcement about the hack, assured the public that its consultants have seen no evidence that the data has been trafficked by criminal groups.

It’s offering customers one year of free protection that includes dark web monitoring and identity theft insurance. It will also contact about 85,000 customers in Ontario whose lab results were obtained by the hackers.

However, Martin said, it’s possible that some of the personal information within any database could contain customer passwords that will give criminals access to other parts of their life such as their email, credit card or Netflix account.

Consumers can help protect themselves, he said, by avoiding simple passwords or re-using passwords for different accounts so that if one is hacked the threat can be limited.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

‘A little love can go a long way,’ says a Red Deer opioid user who supports overdose prevention

The OPS means higher survival rates and less needle debris, he adds

Red Deer’s overdose prevention staff want to counter misinformation

There are no free drug giveaways, and needles do not leave the building

Facility designed to divert waste from Sylvan Lake’s landfill to be ready by end of year

Fogdog Energy Solutions Inc. technology turns waste into a fluff

More help in Red Deer for youth addicted to drugs

New facility for Protection of Children Abusing Drugs (PChAD) program officially opened

Four flu deaths reported in central Alberta

19 influenza deaths across the province

Fashion Fridays: The basics you need for your body type

Kim XO, helps to keep you looking good on Fashion Fridays on the Black Press Media Network

Your community calendar

Jan. 22 Downtown House Senior Center (5414 43 St.) in Red Deer… Continue reading

David Marsden: Drug addicts deserve our care

The provincial government, rather than seizing an opportunity, is flirting with putting… Continue reading

Wheels in Motion: Canada’s Mitchell a quick study in track cycling

MILTON, Ont. — Canada’s Kelsey Mitchell returns this weekend to where it… Continue reading

Women’s players hope NHL All-Star Weekend helps their cause

ST. LOUIS — Annie Pankowski got an email from the NHL asking… Continue reading

Juno-nominated folk band the Jerry Cans to set out on nine-city Canadian tour

TORONTO — Iqaluit folk-rock ensemble the Jerry Cans are plotting a Canadian… Continue reading

Taylor Swift shakes Sundance with revealing documentary

PARK CITY, Utah — The normally private Taylor Swift premiered an intimate… Continue reading

Second day of search yields no sign of French snowmobilers missing in Quebec

ST-HENRI-DE-TAILLON, Que. — It was an exuberant group of French travellers who… Continue reading

Local Sports: Tyler Podgorenko’s presence with the Kings being felt

The biggest question surrounding the RDC Kings hockey team going into the… Continue reading

Most Read