Hackers may have obtained the personal data - including addresses, customer logins and passwords, birthdays, lab results and health care numbers - of almost 15 million medical patients in a recent cyber-attack on LifeLab's computer systems.
In the letter, LifeLabs president and CEO Charles Brown said the company has taken several measures to protect customer information, including retaining "world-class cyber security experts" to identify the scope of the breach and secure the affected systems; retrieving the data by making a payment; and notifying the OIPC and IPC.
The information that cyber criminals might have had access to includes names, addresses, emails, patient login passwords, and health-card numbers.
The laboratory's investigation into the incident indicates that the lab-test results of around 85,000 Ontario customers, who underwent tests in 2016 or earlier, may have been impacted in the incident.
While customers will be concerned that their medical test results could be released, the real risk is the unauthorized use of identifiable information that can be used to open a bank account, get a credit card, obtain a loan or buy a vehicle, he added.
The Toronto-based company declined to say how much money was paid to secure the data.
The document says it is open to any B.C. resident who has been a customer of LifeLabs before December 17, 2019.
LifeLabs also said the majority of affected customers, who used its labs for diagnostic, naturopathic, and genetic tests, reside in British Columbia and Ontario, with relatively few customers in other locations.
While you are entitled to file a complaint with the privacy commissioners, we have already notified them of this attack and they are investigating the matter.
Comey says there was 'real sloppiness' in Carter Page FISA warrants
The FBI's inspector general, Michael Horowitz, detailed the errors in a sharply critical report last week. Comey was far more contrite on Sunday than he was less than a week ago.
BleepingComputer has reached out to LifeLabs for more information, but have not heard back as of yet.
LifeLabs has revealed it was the subject of a recent cyber security attack.
"We believe that this sort of attack fits into that model and why we believe the threat to individuals is low", Brown said.
"An attack of this scale is extremely troubling", Brian Beamish, Information and Privacy Commissioner of Ontario, said in a release.
"Our independent offices are committed to thoroughly investigating this breach", said McEvoy.
However, while the commissioners said they will report publicly on their findings and recommendations once the work is complete, they will not discuss details of its proceedings while it is underway.
Last month, cybersecurity firm McAfee said that 33 per cent of Canadians have lost $500 or more in online scams this year.
Offering cyber security protection services to our customers, such as identity theft and fraud protection insurance.