Product details

By continuing to use our site you consent to the use of cookies as described in our privacy policy unless you have disabled them.
You can change your cookie settings at any time but parts of our site will not function correctly without them.
New product
Published by: Open Access Teaching Case Journal
Published in: 2023
Notes: This item is part of a free case collection. For terms & conditions go to www.thecasecentre.org/freecaseterms

Abstract

This teaching case describes a ransomware cyber attack in 2019 at LifeLabs, a Canadian health diagnostic company. During the attack, LifeLabs decided to pay a ransom amount to the attackers. This case explores the pros and cons of making that decision and asks the reader to consider the implications of the decision. The case describes the chronology of the attack, which began in 2018 and was discovered one year later. The case describes the investigations by privacy commissioners in Ontario, British Columbia, and Saskatchewan; the latter investigation being the only public document fully available. LifeLabs, through court orders, has prohibited the full publication of investigation reports by privacy commissioners in Ontario and British Columbia. Court documents created during the class action lawsuit provide detailed information about what LifeLabs did and did not do in responding to the cyber attack. The key case question to be answered is this: Is it ethical and appropriate to pay ransom in a cyber attack?

Teaching and learning

This item is suitable for undergraduate courses.

Time period

The events covered by this case took place in 2019.

Geographical setting

Region:
Americas
Country:
Canada

About

Abstract

This teaching case describes a ransomware cyber attack in 2019 at LifeLabs, a Canadian health diagnostic company. During the attack, LifeLabs decided to pay a ransom amount to the attackers. This case explores the pros and cons of making that decision and asks the reader to consider the implications of the decision. The case describes the chronology of the attack, which began in 2018 and was discovered one year later. The case describes the investigations by privacy commissioners in Ontario, British Columbia, and Saskatchewan; the latter investigation being the only public document fully available. LifeLabs, through court orders, has prohibited the full publication of investigation reports by privacy commissioners in Ontario and British Columbia. Court documents created during the class action lawsuit provide detailed information about what LifeLabs did and did not do in responding to the cyber attack. The key case question to be answered is this: Is it ethical and appropriate to pay ransom in a cyber attack?

Teaching and learning

This item is suitable for undergraduate courses.

Settings

Time period

The events covered by this case took place in 2019.

Geographical setting

Region:
Americas
Country:
Canada

Related