Privacy breaches are happening more and more often, and today the Office of the Information and Privacy Commissioner (OIPC) released another notice to Albertans, one that potentially affects 21,670 people who trusted that their personal health information was secure. Find notice here
Privacy breaches are not easy to navigate or talk about, but when your name, address, email, logins, passwords, date of birth, health card numbers, gender, phone numbers, password security questions and lab test results may be compromised, you need to know how to act fast for your own peace of mind.
If you are an Albertan who visited a LifeLabs for a test or received a test/service from LifeLabs Genetics and Rocky Mountain Analytical, then it is likely your information is in their database and may have been compromised. You can confirm this by contacting LifeLabs, on their dedicated phone line for responding to this breach incident, at 1-888-918-0467.
More information can also be found on the website.
The OIPC has opened an investigation into this cyberattack, which LifeLabs announced on December 17, 2019. The investigation is to determine whether LifeLabs has complied with its obligations under the Health Information Act and/or the Personal Information Protection Act in responding to this breach. Expect a long timeline for this investigation, as there are a variety of factors to consider. You can contact the OIPC for an update; however, it is expected that a public release will be issued once the investigation is complete.
Breach Response Plans
Under the HIA, businesses and organizations such as LifeLabs are required to have a genuine and effective communication plan as part of their privacy breach response strategy. When a potentially serious privacy breach such as this one occurs, it often creates a stressful situation for those who need to respond. It can be tempting for businesses or organizations to quickly rectify the situation or simply hope that nothing comes of it. These thoughts are derived mainly from fear of repercussions; however, this is not the time for a quick cover-up or a plea of ignorance.
Affected individuals need to be made aware of a breach of their privacy through a form of effective communication deemed applicable to the situation. For example, individuals affected by a breach of health information (e.g., diagnosis, lab results) will require a formal letter from someone with authority within the organization who can discuss the breach in more detail should the affected individual require it. This is a foundational piece of an organization’s breach response strategy and a cornerstone for all response plans. Effective ongoing communication throughout the initial phase is what the affected individuals will require.
Who else can help?
Contact the OIPC if you have spoken to LifeLabs, are confirmed affected by this cyberattack and have not yet received a letter with next steps. OIPC Phone: 780-422-6860