Case Overview
LifeLabs is one of the largest medical testing companies in Canada, providing diagnostic medical testing services, including specimen collection, laboratory testing, and reporting of results to patients and health practitioners across the country. As such, LifeLabs is the custodian of a trove of highly sensitive health information about millions of Canadians. Each year, LifeLabs performs over 112 million laboratory tests on Canadians.
Around October 31, 2019, LifeLabs discovered that cyberattacks had penetrated its computer network, and had access to its system for nearly a year. During this time, the hackers extracted the personal health information and other private information of LifeLabs’ patients. An estimated 7 million Ontarians and 1.25 million B.C. residents may have been affected. After gaining access to LifeLabs’ computer network, the hackers demanded, and LifeLabs paid, an undisclosed amount of money as a ransom in an attempt to secure the data.
After securing the breach, on December 17, 2019, LifeLabs made a public announcement regarding the cyberattack and the resulting privacy breach. The Privacy Commissioners in Ontario and B.C. conducted a detailed joint investigation of the breach, in which they were highly critical of the cyber-security LifeLabs had in place at the time of the breach. LifeLabs has opposed the release of these Privacy Commissioners’ full reports.
Waddell Phillips has joined forces with other law firms in Ontario and BC to pursue a proposed class action against LifeLabs and associated companies in respect of the privacy breaches that LifeLabs’ customers suffered. The claim alleges that LifeLabs had inadequate cybersecurity, which allowed hackers to penetrate LifeLabs’ computer network, and extract the personal health information and other private information of an estimated 8.6 million Canadians. The compromised information includes medical lab test results, health card numbers, dates of birth, and other sensitive information. The vast majority of affected individuals are in Ontario and B.C., but individuals in other provinces and territories have been affected as well.
The Proposed Class Proceeding
The proposed class action alleges that the defendants are liable for breach of privacy, breach of contract and negligence, as well as other wrongs.
Several competing proposed class actions were commenced, but the plaintiffs agreed to proceed with one lead national action, to be prosecuted in Ontario. A companion action has been brought in BC, but is being held in abeyance while the Ontario action is being litigated.
A hearing was scheduled for March 2-3, 2023, in order to seek Court approval for the law suit to proceed as a class action. On March 1, 2023, the parties agreed to adjourn this hearing pending the finalization of a potential settlement between the plaintiffs and defendants. If the potential settlement is finalized, it will require Court approval before it takes effect.
This website will be updated the settlement is finalized, and notice will be published with details of the settlement approval motion.
There is no cost to you to participate in this class action. The lawyers are working on a contingency fee basis, which means that they will only be paid from the proceeds of the litigation, if successful. There is also no risk to class members to pay any adverse court costs.
Contact us
If you attended at a LifeLabs facility for medical testing over the past several years, your personal information may have been compromised in the cyberattack. LifeLabs directly notified everyone who they were able to identify had their lab orders or test results were compromised.
If you believe that you have been adversely affected by this privacy breach, including if your personal information has been compromised, we would like to hear from you about your experiences.
If you are interested in identifying yourself as a potential member of this class action or receiving more information about it, please contact us using the contact form below.
Your information will be kept strictly confidential and will be used only to communicate with you regarding this action and to assist with the prosecution of the action.
Case Overview
LifeLabs is one of the largest medical testing companies in Canada, providing diagnostic medical testing services, including specimen collection, laboratory testing, and reporting of results to patients and health practitioners across the country. As such, LifeLabs is the custodian of a trove of highly sensitive health information about millions of Canadians. Each year, LifeLabs performs over 112 million laboratory tests on Canadians.
Around October 31, 2019, LifeLabs discovered that cyberattacks had penetrated its computer network, and had access to its system for nearly a year. During this time, the hackers extracted the personal health information and other private information of LifeLabs’ patients. An estimated 7 million Ontarians and 1.25 million B.C. residents may have been affected. After gaining access to LifeLabs’ computer network, the hackers demanded, and LifeLabs paid, an undisclosed amount of money as a ransom in an attempt to secure the data.
After securing the breach, on December 17, 2019, LifeLabs made a public announcement regarding the cyberattack and the resulting privacy breach. The Privacy Commissioners in Ontario and B.C. conducted a detailed joint investigation of the breach, in which they were highly critical of the cyber-security LifeLabs had in place at the time of the breach. LifeLabs has opposed the release of these Privacy Commissioners’ full reports.
Waddell Phillips has joined forces with other law firms in Ontario and BC to pursue a proposed class action against LifeLabs and associated companies in respect of the privacy breaches that LifeLabs’ customers suffered. The claim alleges that LifeLabs had inadequate cybersecurity, which allowed hackers to penetrate LifeLabs’ computer network, and extract the personal health information and other private information of an estimated 8.6 million Canadians. The compromised information includes medical lab test results, health card numbers, dates of birth, and other sensitive information. The vast majority of affected individuals are in Ontario and B.C., but individuals in other provinces and territories have been affected as well.
The Proposed Class Proceeding
The proposed class action alleges that the defendants are liable for breach of privacy, breach of contract and negligence, as well as other wrongs.
Several competing proposed class actions were commenced, but the plaintiffs agreed to proceed with one lead national action, to be prosecuted in Ontario. A companion action has been brought in BC, but is being held in abeyance while the Ontario action is being litigated.
A hearing was scheduled for March 2-3, 2023, in order to seek Court approval for the law suit to proceed as a class action. On March 1, 2023, the parties agreed to adjourn this hearing pending the finalization of a potential settlement between the plaintiffs and defendants. If the potential settlement is finalized, it will require Court approval before it takes effect.
This website will be updated the settlement is finalized, and notice will be published with details of the settlement approval motion.
There is no cost to you to participate in this class action. The lawyers are working on a contingency fee basis, which means that they will only be paid from the proceeds of the litigation, if successful. There is also no risk to class members to pay any adverse court costs.
Contact us
If you attended at a LifeLabs facility for medical testing over the past several years, your personal information may have been compromised in the cyberattack. LifeLabs directly notified everyone who they were able to identify had their lab orders or test results were compromised.
If you believe that you have been adversely affected by this privacy breach, including if your personal information has been compromised, we would like to hear from you about your experiences.
If you are interested in identifying yourself as a potential member of this class action or receiving more information about it, please contact us using the contact form below.
Your information will be kept strictly confidential and will be used only to communicate with you regarding this action and to assist with the prosecution of the action.
The plaintiffs’ motion for certification, which was scheduled to proceed on March 2-3, 2023, was adjourned pending the finalization of a potential settlement with the defendants. If the potential settlement is finalized, it will require Court approval before it takes effect.
The Ontario action that is pursuing a national class action is the Carter action.
The action started in B.C. is being held in abeyance while the Ontario action is being prosecuted.
The plaintiffs’ motion for certification of this action as a class proceeding is scheduled to be heard on March 2-3, 2023. The parties completed cross-examinations of each other’s witnesses in October 2022, and are in the process of exchanging their written arguments.
If the action is certified, class counsel will publicize notice of certification, including by posting an update on this website. LifeLabs customers who do not wish to participate in the class action will then have an opportunity to exclude themselves from the action (opt out). Customers who do not opt out by the deadline set by the Court will be automatically included in the class action.
We are aware that LifeLabs sent email notices, like the one below, to individuals whose “my results” (online test results) account was breached in the cyber attack. If you have received such a notice, please contact us using the form in the “Ask a Question” tab.
We are also aware that LifeLabs sent email notices to customers whose online appointment booking accounts were breached in the cyberattack. For more information about this notice, please contact LifeLabs directly, as indicated.
Additional updates will be posted as the class action progresses.
We review every inquiry we receive and will respond promptly to case specific inquiries.
Contact us below and we’ll respond shortly.