Medical company LifeLabs recently fell victim to hacking, revealing some glaring issues with their IT systems. The hacking has potentially affected millions of customers across Canada. Basic security protocols by an informed IT partner could have prevented this costly security incident.

Ransomware is the practice of using computer software to freeze or steal company data and hold it for ransom. With many vulnerable targets, it’s easy money for hackers.

The public messaging that follows a ransomware hit usually includes phrases like “sophisticated” and “targeted attack.” But in fact, these attacks are far from sophisticated.

If someone hacks your company’s data, here’s what has likely happened

  1. Someone in the office picked up a piece of ransomware coming from an online source, and it locked all your files.
  2. You didn’t have working backups, so you had to pay to unlock the files.

In the case of LifeLabs, I won’t speculate on how exactly their data security allowed this to happen. But it was probably quite bad.

Here are some other insights into this type of attack:

  1. It’s unlikely LifeLabs was specifically targeted.
  2. The type of attack is not “new” or “sophisticated.”
  3. Some basic security would have stopped this. And if it didn’t, working backups would have restored the data without incident (and without having to pay hackers a hefty ransom to get the data back).
  4. Ransomware is profitable but not particularly skillful. There are many easy targets with gaps in data security protocols, so hackers can easily make money without much skill.

Think of data security as mandatory basic insurance for any business, municipality, or non-profit, big or small. And when you have something in place, ask your IT company: do we have a plan for what to do if and when our hacking safeguards fail?