VANCOUVER -- Canadian-owned laboratory services company LifeLabs has been ordered to cut the amount of personal health information it collects and improve the way it safeguards the details it does keep.

The privacy commissioners of B.C. and Ontario made the orders following a joint investigation into a cyberattack last year on LifeLabs, which exposed the private health details of millions of patients.

LifeLabs says the attack occurred October 28th, privacy officials were informed within days and the joint investigation was ordered in mid-December.

The cyberattack compromised the personal privacy of approximately 15 million customers.

LifeLabs faces several requirements to better protect its data and B.C. privacy commissioner Michael McEvoy says his office would have also levied a fine but current legislation doesn't allow it, so he says the case highlights the need for stiffer laws.

This report by The Canadian Press was first published on June 25, 2020.