The private laboratory service provider has been ordered to improve how it collects and stores patient information.
It stems from a cyberattack on Lifelabs in 2020.
An investigation by the Information and Privacy Commissioners in Ontario and British Columbia found the company lacked adequate security policies and the process of notifying
patients of the breach to be inadequate.
While Lifelabs was recognized for taking immediate steps to contain and investigate the breach, the Commissioners ruled the company failed to take reasonable steps to safeguard the information it collected.
In one case, it collected more information than was necessary.
Lifelabs has since taken corrective measures.
It was ordered to improve on specific practices regarding information technology security.
The company was also ordered to stop collecting certain information and destroy what had been collected already.
