The Better Outcomes Registry & Network (BORN), a healthcare organization in Ontario, has disclosed a significant data breach affecting around 3.4 million individuals.
Furthermore, the breach resulted from a cyberattack involving the Cl0p ransomware’s MOVEit hacking campaign, which exploited a zero-day vulnerability in Progress MOVEit Transfer software, impacting numerous organizations globally. BORN, responsible for collecting, interpreting, and safeguarding perinatal and child registry data in Ontario, detected the breach on May 31 and promptly notified authorities, including the Privacy Commissioner of Ontario.
Upon discovering the breach, BORN engaged cybersecurity experts to isolate affected servers and mitigate the threat, ensuring the continuity of its operations. The investigation into the incident revealed that threat actors had copied sensitive data belonging to approximately 3.4 million people, primarily newborns and pregnancy care patients who had received services from BORN between January 2010 and May 2023.
The exposed data encompasses personal information such as full names, addresses, health card numbers, and additional details related to care services, lab results, pregnancy risk factors, and more.
Despite confirming the data breach, BORN has not identified any evidence suggesting that the stolen data has been misused or circulated on the dark web. The organization is actively monitoring online channels for any signs of related activity.
Individuals potentially affected by the breach are advised to exercise caution when handling incoming communications and to report any suspicious activity to law enforcement and relevant service providers. This incident underscores the ongoing challenges and threats posed by cyberattacks to sensitive healthcare data and the need for robust cybersecurity measures in the healthcare sector.