Canadian digital health data breaches: time for reform


Canadian health data experts and class action lawyers say that a data ransom payment, after a massive security breach that potentially involves 15 million patients' electronic records, raises profound questions about the vulnerability of digital health information systems and the need for better prevention guidelines.

The security breach affected Toronto-based LifeLabs, one of the world's largest medical testing companies, which does over 100 million laboratory tests on Canadians annually. The breach was made public on Dec 17, 2019, when Chris Brown (CEO of LifeLabs) released an open letter to Canadians describing a “recently identified [a] cyber-attack that involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results”. After offering a personal apology, Brown went on to explain that LifeLabs attempted to retrieve the data by making a ransom payment, stating, “we did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals”.

Responding to questions from The Lancet Digital Health, Chris Carson, Senior Vice President, Corporate Affairs, Strategy and Innovation at LifeLabs said, “it was a difficult decision to pay the ransom, but we believed that customers would want us to do everything possible to retrieve their data”.

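Toronto-based LifeLabs suffered a massive security breach (potentially involving the electronic records of 15 million patients) and paid a large ransom. The breach was made public on Dec 17, 2019, when Chris Brown (CEO of LifeLabs) released an open letter to Canadians describing a “recently identified cyber-attack that involved unauthorized access to our computer systems with customer information, including name, address, email, login, passwords, date of birth, health card number and lab test results”. After apologizing, Brown went on to explain that LifeLabs attempted to retrieve the data by paying a ransom: “we did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals”.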

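Besides highlighting the vulnerability of HIT systems, this incident has also led experts to start examining whether better prevention guidelines are needed.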
