Probe found LifeLabs ‘failed to take reasonable steps’ to protect client data in 2019 hack