This privacy breach class action is brought against LifeLabs and associated companies on behalf of an estimated 8.6 million Canadians whose personal information, including 131,957 individuals whose lab requisitions or results, were compromised in a cyberattack.
Waddell Phillips PC is working with a team of other law firms across Canada in prosecuting this action.
Case Overview
LifeLabs is one of the largest medical testing companies in Canada, providing diagnostic medical testing services, including specimen collection, laboratory testing, and reporting of results to patients and health practitioners across the country. As such, LifeLabs is the custodian of a trove of highly sensitive health information about millions of Canadians. Each year, LifeLabs performs over 112 million laboratory tests on Canadians.
Around October 31, 2019, LifeLabs discovered that cyberattacks had penetrated its computer network, and had access to its system for nearly a year. During this time, the hackers extracted the personal health information and other private information of LifeLabs’ patients. An estimated 7 million Ontarians and 1.25 million B.C. residents may have been affected. After gaining access to LifeLabs’ computer network, the hackers demanded, and LifeLabs paid, an undisclosed amount of money as a ransom in an attempt to secure the data.
After securing the breach, on December 17, 2019, LifeLabs made a public announcement regarding the cyberattack and the resulting privacy breach. The Privacy Commissioners in Ontario and B.C. conducted a detailed joint investigation of the breach, in which they were highly critical of the cyber-security LifeLabs had in place at the time of the breach. LifeLabs has opposed the release of these Privacy Commissioners’ full reports.
Waddell Phillips has joined forces with other law firms in Ontario and BC to pursue a proposed class action against LifeLabs and associated companies in respect of the privacy breaches that LifeLabs’ customers suffered. The claim alleges that LifeLabs had inadequate cybersecurity, which allowed hackers to penetrate LifeLabs’ computer network, and extract the personal health information and other private information of an estimated 8.6 million Canadians. The compromised information includes medical lab test results, health card numbers, dates of birth, and other sensitive information. The vast majority of affected individuals are in Ontario and B.C., but individuals in other provinces and territories have been affected as well.
The Class Proceeding
This class action alleges that the defendants are liable for breach of privacy, breach of contract and negligence, as well as other wrongs. When the claim was commenced, it included a claim for “intrusion upon seclusion”, which allows for a claim for damages without proof of loss. Since then, the courts (up to the Supreme Court of Canada) have determined that a claim for intrusion upon seclusion cannot be brought against the corporate victim of a third party cyber-attack. Rather, to succeed in the action, the victims would each have to prove that they suffered personal losses that they can prove were caused by the theft of their personal information.
Several competing proposed class actions were commenced, but the plaintiffs agreed to proceed with one lead national action, to be prosecuted in Ontario. A companion action has been brought in BC, but is being held in abeyance while the Ontario action is being litigated.
Case Overview
LifeLabs is one of the largest medical testing companies in Canada, providing diagnostic medical testing services, including specimen collection, laboratory testing, and reporting of results to patients and health practitioners across the country. As such, LifeLabs is the custodian of a trove of highly sensitive health information about millions of Canadians. Each year, LifeLabs performs over 112 million laboratory tests on Canadians.
Around October 31, 2019, LifeLabs discovered that cyberattacks had penetrated its computer network, and had access to its system for nearly a year. During this time, the hackers extracted the personal health information and other private information of LifeLabs’ patients. An estimated 7 million Ontarians and 1.25 million B.C. residents may have been affected. After gaining access to LifeLabs’ computer network, the hackers demanded, and LifeLabs paid, an undisclosed amount of money as a ransom in an attempt to secure the data.
After securing the breach, on December 17, 2019, LifeLabs made a public announcement regarding the cyberattack and the resulting privacy breach. The Privacy Commissioners in Ontario and B.C. conducted a detailed joint investigation of the breach, in which they were highly critical of the cyber-security LifeLabs had in place at the time of the breach. LifeLabs has opposed the release of these Privacy Commissioners’ full reports.
Waddell Phillips has joined forces with other law firms in Ontario and BC to pursue a proposed class action against LifeLabs and associated companies in respect of the privacy breaches that LifeLabs’ customers suffered. The claim alleges that LifeLabs had inadequate cybersecurity, which allowed hackers to penetrate LifeLabs’ computer network, and extract the personal health information and other private information of an estimated 8.6 million Canadians. The compromised information includes medical lab test results, health card numbers, dates of birth, and other sensitive information. The vast majority of affected individuals are in Ontario and B.C., but individuals in other provinces and territories have been affected as well.
The Class Proceeding
This class action alleges that the defendants are liable for breach of privacy, breach of contract and negligence, as well as other wrongs. When the claim was commenced, it included a claim for “intrusion upon seclusion”, which allows for a claim for damages without proof of loss. Since then, the courts (up to the Supreme Court of Canada) have determined that a claim for intrusion upon seclusion cannot be brought against the corporate victim of a third party cyber-attack. Rather, to succeed in the action, the victims would each have to prove that they suffered personal losses that they can prove were caused by the theft of their personal information.
Several competing proposed class actions were commenced, but the plaintiffs agreed to proceed with one lead national action, to be prosecuted in Ontario. A companion action has been brought in BC, but is being held in abeyance while the Ontario action is being litigated.
A settlement of this class action was approved by the Court on October 25, 2023. The Settlement Agreement can be viewed here and under the “Documents” tab. The settlement approval order will be posted once received from the Court.
Under the terms of the Settlement, LifeLabs will pay a guaranteed amount of $4.9M, and up to a further $4.9M, depending upon the number of Class members who make valid claims for compensation.
The amount of compensation that each individual Class member may receive will be dependent upon the number of valid claims made.
Given the large number of valid claims received (901,544), which substantially surpassed all estimates, all class members who made valid claims will receive an e-Transfer of $7.86 or a cheque of $5.86 (which includes the deduction of a $2.00 cheque processing fee). The amounts have been calculated in accordance with the Court-approved terms of distribution. There is no ability to dispute the amount that is payable to each claimant under the terms of the settlement.
To learn more about the Settlement, please refer to the Settlement Approval Notice which you can also find under the “Documents” tab, along with the Settlement Agreement also available under the “Documents” tab.
The time has now passed to opt out of this class action.
We review every inquiry we receive and will respond promptly to case specific inquiries.
Contact us below and we’ll respond shortly.