LifeLabs Launches Vulnerability Disclosure Program

Canada’s leading provider of laboratory diagnostic information and digital health connectivity systems today announced the launch of a new Vulnerability Disclosure Program (VDP).

LifeLabs Medical Laboratory started the VDP with the intention of strengthening cybercrime detection technology across its online tools, apps, and solutions.

“Our goal is to continue to innovate and lead the health care industry in cybersecurity, offering the best protection and customer experience when accessing digital health records,” said LifeLabs CISO Mike Melo.

Crowdsourced cybersecurity platform Bugcrowd is working with LifeLabs to deliver the program and streamline the process of accepting, triaging, and remediating vulnerabilities and issues as they are spotted by cybersecurity researchers.

“Implementing a Vulnerability Disclosure Program is a key piece in our commitment to becoming a global leader in protecting our customers’ health care data and accelerating our plan to achieve ISO 270001 certification—an industry gold standard in information security,” said Charles Brown, president and CEO, LifeLabs. 

“By actively staying ahead of threats, the VDP will further enhance our security-first mentality and vulnerability management.”

The outbreak of COVID-19 has made cybersecurity even more crucial than before by increasing the adoption of virtual and digital health care options. 

“VDP programs are a critical component of any organization’s security program, but they are especially important for health care organizations amid the rapidly evolving security threat landscape brought on by the pandemic,” said Ashish Gupta, CEO, Bugcrowd. 

“Our VDP solution gives these companies peace of mind by providing a proactive approach to security with end-to-end management for vulnerability submission, validation, and remediation advice.”

But cybersecurity was a challenge for LifeLabs before the pandemic hit. In December 2019, LifeLabs paid an undisclosed sum to secure data belonging to millions of its customers that was compromised during a cyber-attack. 

The data breach, which could have impacted 15 million LifeLabs customers, occurred on October 28, 2019. In January 2020, a class-action lawsuit was filed against the company over the data breach.

The plaintiffs claimed that LifeLabs stored customers' personal information on unsecured networks or servers, failed to implement "any, or adequate, cyber-security measures," didn't encrypt data, and neglected to hire or train any personnel responsible for network security management.
