Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







Continued MOVEit Data Breach: 3+ Million Individuals Affected

Executive Summary

Ontario’s government-funded birth registry, BORN Ontario, confirmed a major MOVEit data breach affecting around 3.4 million individuals seeking pregnancy care, including nearly two million newborns and children in the province.

This breach resulted from a cyberattack linked to the MOVEit mass-hack.

What Happened

The data breach involved the unauthorized access and copying of data spanning over a decade, including fertility, pregnancy, newborn, and child healthcare records provided between January 2010 and May 2023.

It affected individuals who gave birth or whose child was born between April 2010 and May 2023, received pregnancy care between January 2012 and May 2023, or underwent IVF or egg banking procedures between January 2013 and May 2023.

The stolen information included names, dates of birth, addresses, postal codes, health card numbers, and clinical data such as dates of care and service, lab test results, pregnancy risk factors, type of birth, procedures, and pregnancy and birth outcomes.

Response

The incident was detected on May 31, but there was a delay in notifying affected individuals.

BORN Ontario attributed the cyberattack to the MOVEit mass-hack, which was orchestrated by the Russian-linked ransomware and extortion group Clop. It’s worth noting that Clop had not claimed responsibility for the BORN breach at the time of the report, although they were behind the larger MOVEit mass-hack affecting millions of individuals.

BORN Ontario took several actions in response to the breach. They contacted law enforcement and informed Ontario’s privacy watchdog, the Information and Privacy Commissioner.

However, it’s not clear whether a ransom demand was made or if any ransom was paid to the cybercriminals. BORN Ontario‘s spokesperson did not provide comment on this matter.

BORN Ontario summarized the incident as follows in their statement about the hack:

  • BORN (the Better Outcomes Registry & Network) was impacted by a cybersecurity breach caused by a global vulnerability of the software we use, Progress MOVEit, to perform secure file transfers.
  • During the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems.
  • The personal health information that was copied was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.
  • After becoming aware of the incident on May 31, 2023, BORN posted a public notice on our website about the incident and notified relevant authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.
  • An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023.
  • Data privacy is paramount to everything we do at BORN. We began working with cybersecurity experts immediately to isolate the affected computer server, contain the threat, investigate the full scope of the incident, and to ensure our systems were safe to continue our operations. While attacks on third-party software are difficult to prevent, we’ve taken additional measures to further strengthen our security controls to limit the potential for this type of incident happening again.
  • At this time, there is no evidence that any of the copied data has been misused for any fraudulent purposes. We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no sign of BORN’s data being posted or offered for sale.
  • There are no additional steps you need to take.
About MOVEit Mass-Hack

The MOVEit mass-hack is a significant cyberattack that has affected over 60 million individuals so far.

The attack primarily targeted organizations using MOVEit, a file transfer tool for sharing large datasets online. Clop, the cybercriminal group responsible for the mass-hack, exploited vulnerabilities in MOVEit software, allowing them to scan the internet for affected devices and access data.

This breach has impacted more than a thousand organizations, including U.S. federal agencies, which relied on MOVEit. Cl0p has a history of targeting file transfer tools and has previously compromised other similar systems. Security experts emphasize the importance of understanding data storage and security practices to prevent such incidents.

BORN Ontario‘s breach ranks as the sixth-largest in terms of the number of individuals affected within the MOVEit mass-hacks, following other notable breaches involving Maximus, Alogent, and several U.S. states.

Please see our earlier news related to the MOVEit Mass-Hack:

We will continue to monitor the situation and share any significant updates.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.

-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00