Second claim filed against LifeLabs alleging company failure to protect patient data

Credit to Author: Derrick Penner| Date: Tue, 31 Dec 2019 01:12:21 +0000

A second civil claim has been filed against LifeLabs in a British Columbia court alleging the company failed to adequately protect the personal information of 15 million Canadian patients from a data breach last fall.

Lawyer Guy Collette filed suit on behalf of Anna Belle Tharani, a Vancouver area care aide, proposing the suit as a class action for all B.C. patients alleging that the failure exposed “Class Members to mental distress, identity theft and extortion.”

“LifeLabs had a duty to use reasonable care to protect the privacy of its patients,” the statement of claim argues, but “breached its duty to the class members resulting in the breach of their privacy.”

Tharani’s suit was registered in B.C. Supreme Court Dec. 18, the same day as the first B.C. suit filed by retired computer technician Kenneth Morrison. Neither claim has been proven in court.

At least two claims have also been filed in Ontario Superior Court, the second on Dec. 27, according to news reports.

LifeLabs, on Dec. 17, revealed that it had uncovered an unauthorized access of its data systems at the end of October, which potentially gave the intruder access to the personal information of clients including names, addresses, email, logins, passwords, dates of birth and health-card numbers.

Company CEO Charles Brown said the company shut down the unauthorized access and acted to isolate its servers from further attack, but revealed that it also paid a ransom to retrieve data from the breach.

LifeLabs has offered free cybersecurity services from TransUnion for one year and set up a hotline for customers, but it is no surprise to one cybersecurity expert that individuals would be filing suit.

“A lot of other companies receive the same treatment,” said Richard Frank, an assistant professor in criminology at Simon Fraser University and director of the International CyberCrime Research Centre.

However, Frank estimated that it would be difficult to prove damages and estimate a value for damages for individuals caught in the breach.

“You could put a dollar value onto data stolen from LifeLabs per person,” Frank said. “But multiply that by 15 million and it very quickly becomes unrealistic.”

Another data-breach case in Canada, the 2017 hacking of credit-reporting firm Equifax that saw the data of 20,000 Canadians among 145 million customers who were compromised, was rejected by a Quebec Superior Court in October.

In the U.S., Equifax paid out US$700 million to settle claims to the U.S. Federal Trade Commission for U.S. clients. However, Justice Donald Brisson ruled that the “risk of developing future harm is not an injury that can be compensated in Quebec Law,” according to news reports.

In Canada, the LifeLabs breach is being investigated jointly by the offices of the information and privacy commissioners in B.C. and Ontario.

depenner@postmedia.com

twitter.com/derrickpenner

https://vancouversun.com/feed/