LifeLabs Cyberattack Exposes eHealth Information
In November 2019, LifeLabs, Canada’s largest laboratory diagnostics and testing service, was the victim of a cyberattack. Hackers accessed over 85,000 test results, thanks to a vulnerability they exploited in the company’s web application.
Among the data stolen from LifeLabs were customers’ home addresses, email addresses, phone numbers, health card numbers, usernames, and passwords. The amount of data accessed was staggering; 15 million customers were affected.
In the end, LifeLabs worked with law enforcement and ended up paying an undisclosed amount of money to the hackers to retrieve the sensitive data. They also patched the system to prevent any future attacks from targeting the same vulnerability.
Security experts agree that the eHealth sector is not well-positioned to avoid these cyberattacks. To further prove that point, three Ontario hospitals had their computer systems crippled by hackers in 2019.
Because of tight budgets in healthcare IT, security isn’t often given the attention and care it deserves. Hackers are smart and know how to identify where security protocols and data protection may not be ideal. The eHealth industry is low-hanging fruit for hackers who have had success penetrating the defenses of many companies.
Depending on the size of the organization (and its budget), IT departments can have systems in place where web application vulnerability is tested both periodically and with every new release. By making vulnerability assessments a requirement, the chances of vulnerabilities slipping through the cracks before the application is released decreases substantially.
When internal IT resources are already stretched thin, there are services and partners that can perform vulnerability assessments for an organization. Having an outside, expert opinion can also offer a much-needed second perspective, which is key to early threat detection and elimination. Security companies, like Canary Trap, can assess web applications to make sure customers don’t fall victim to hackers exploiting vulnerabilities.