LifeLabs CEO Charles Brown says he doesn't know if hacked test-result data was encrypted

    1 of 1 2 of 1

      Up to 15 million Canadians could have had their personal information obtained through a hack at LifeLabs.

      Cybercriminals may have also obtained 85,000 lab test results from Ontario customers.

      A day after this was revealed in the media and nearly two months after the initial breach occurred, the CEO still can't say if the company's data was encrypted.

      This morning, Charles Brown was asked this question by CBC Early Edition host Stephen Quinn. Brown stammered and paused before confessing that he didn't know the answer. (The interview is available here.)

      "I should know the answer but I don't know the data was encrypted," Brown told Quinn.

      Earlier in the program, former Ontario privacy commissioner Ann Cavoukian told Quinn that the company should have encrypted the sensitive medical information of its customers.

      The offices of the information and privacy commissioners of Ontario and B.C. are conducting a coordinated investigation.

      "I am deeply concerned about this matter," B.C.'s information and privacy commissioner, Michael McEvoy, said in a news release. "The breach of sensitive personal health information can be devastating to those who are affected."

      McEvoy and his Ontario counterpart, Brian Beamish, will publicly report their findings and offer recommendations.

      The cyberattack has been characterized in the media as a "ransomware" event.

      However, ransomware attacks typically involve locking an organization out of its electronic files rather than stealing data. 

      In this instance, Lifelabs said a payment was made to the cybercriminals to retrieve data.