Article content
A long-withheld investigation into a 2019 hacking at LifeLabs Inc. that compromised millions of Canadians’ health data has finally been made public after an Ontario court dismissed the company’s appeal to prevent its release.
Advertisement 2
Article content
Recommended Videos
A statement from the privacy commissioners of Ontario and British Columbia says their joint report, completed in June 2020, found that LifeLabs “failed to take reasonable steps” to protect clients’ data while collecting more personal health information than was “reasonably necessary.”
The report ordered LifeLabs to address a number of issues such as appropriately staffing its security team, and the commissioners’ statement says the company complied with all of the orders and recommendations.
LifeLabs had cited litigation and solicitor-client privilege to prevent the document’s publication, but this was opposed by the commissioners’ offices.
Recommended from Editorial
-
OMERS selling LifeLabs to Quest Diagnostics in deal valued at $1.35B
-
LifeLabs hack raises questions about health data security
Your Midday Sun
Article content
Advertisement 3
Article content
The company then sought a judicial review in Divisional Court in Ontario before the case made its way to the Ontario Court of Appeal, where LifeLabs’ appeal was dismissed.
B.C. information and privacy commissioner Michael Harvey says in a statement that “the road to accountability and transparency has been too long” for the victims of the data breach.
“LifeLabs’ failure to put in place adequate safeguards to protect against this attack violated patients’ trust, and the risk it exposed them to was unacceptable,” Harvey says. “When this happens, it is important to learn from past mistakes so others can prevent future breaches from happening.
“But to learn from lessons, we need to share them.”
RECOMMENDED VIDEO
Advertisement 4
Article content
We apologize, but this video has failed to load.
Ontario information and privacy commissioner Patricia Kosseim says in the statement that she is pleased with the court’s decision to uphold the decision by her office “to help restore public trust in the oversight mechanisms designed to hold organizations accountable.”
In May, Canadians who applied to be part of a class-action lawsuit against LifeLabs began receiving cheques and e-transfers, with administrator KPMG saying more than 900,000 valid claims were received.
An Ontario court had approved a total nationwide settlement of up to $9.8 million in the data breach, which allowed hackers to access the personal information of up to 15 million customers.
Article content