Saskatchewan: Commissioner issues report on Lifelabs health data breach
The Office of the Saskatchewan Information and Privacy Commissioner ('OIPC') published, on 9 June 2020, an investigation report ('the Report') into a data breach suffered by LifeLabs LP which resulted in the unauthorised disclosure of personal health information of 93,647 Saskatchewan residents. In particular, the Report highlights that at the time of the attack, the Saskatchewan Health Authority ('the SHA') had control of the majority of the personal health information at the time of the attack and as LifeLabs could not authenticate the identities of certain individuals, the Report notes that the Commissioner was not satisfied with the notification efforts of LifeLabs and the SHA. Furthermore, the Report outlines that since a detailed summary was not provided, LifeLabs did not demonstrate that it fully investigated the breach or adopted appropriate preventative measures. Finally, the Commissioner recommended that the SHA conduct an audit of LifeLabs' response to the breach and that LifeLabs and the SHA provide cyber security protection to affected individuals from Saskatchewan for a minimum of five years.
You can read the Report here.