The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware’s MOVEit hacking spree.
BORN is a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario.
MOVEit attacks leveraged a zero-day vulnerability (CVE-2023-34362) in the Progress MOVEit Transfer software to compromise and steal data from thousands of organizations worldwide.
BORN first became aware of the security breach on May 31 and posted a public notice on its site while simultaneously notifying the relevant authorities (Privacy Commissioner of Ontario).
The firm engaged with cybersecurity experts to isolate the impacted servers and contain the threat, which allowed its operations to continue.
The investigation revealed that the threat actors copied files containing sensitive information of approximately 3.4 million people, primarily newborns and pregnancy care patients, who benefited from BORN services between January 2010 and May 2023.
The exposed data includes the following:
- Full name
- Home address
- Postal code
- Date of birth
- Health card number
Depending on the type of care received by BORN, the addional data below may have been exposed as well:
- Dates of service/care,
- Lab test results,
- Pregnancy risk factors,
- Type of birth,
- Procedures,
- Pregnancy and birth outcomes
BORN created a web page with details about the impact the incident has on its patients and who is likely affected by the data theft.
Despite confirming the data breach, BORN says there is no evidence that any stolen data is being circulated on the dark web yet.
“At this time, there is no evidence that any of the copied data has been misused for any fraudulent purposes,” reads BORN’s notice.
“We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no sign of BORN’s data being posted or offered for sale” – BORN
Individuals who are potentially impacted by this security incident are not recommended to take other action at this time apart from treating incoming communication with caution and be suspicious especially of unsolicited messages requesting sensitive data.
Any suspicious activity detected on online accounts or defrauding attempts should be reported to the police and concerned service providers.