A significant data breach has been uncovered in the Better Outcomes Registry and Network (BORN) of Ontario, a repository for perinatal and child health information. The breach has affected approximately 3.4 million individuals, including parents seeking pregnancy care and their newborns. The breach, which was detected on May 31, 2023, spans over a decade’s worth of records from January 2010 to May 2023.
The BORN data breach is believed to be linked to the exploitation of a vulnerability in MOVEit, a file transfer platform by Progress Software. This platform has been aggressively targeted by the notorious Clop ransomware group, although the group has not officially claimed responsibility for the breach. BORN has confirmed the breach in an official incident summary.
The breach has compromised a wide range of sensitive information, including names, dates of birth, addresses, postal codes, and health card numbers. In addition, clinical data such as dates of care, lab results, pregnancy risk factors, type of birth, and associated care has also been compromised. This breach poses an unprecedented threat to the privacy of millions of individuals who have given birth or had a child born between April 2010 and May 2023, as well as those who received pregnancy care between January 2012 and May 2023.
BORN has responded swiftly to the breach by notifying law enforcement and the Information and Privacy Commissioner of Ontario. It is unclear whether a ransom was demanded or paid to the cybercriminals responsible for the breach. BORN is actively monitoring both conventional and dark web channels for any signs of unauthorized data usage.
To reassure those affected by the breach, BORN has emphasized that it will never solicit sensitive personal information through unsolicited channels such as email, text, or phone calls. The organization is taking comprehensive measures to fortify its security controls and prevent similar incidents in the future. Alicia St.Hill, BORN Ontario’s Executive Director, expressed deep regret over the incident and reaffirmed the organization’s commitment to ensuring the safety and well-being of individuals in Ontario.
The BORN data breach highlights the vulnerability of digital health data repositories and is considered one of the largest cyberattacks of 2023. The Clop ransomware group, known for its recent attacks on the MOVEit software, has emerged as one of the most influential threat actors this year.
It is important to note that this report is based on internal and external research obtained through various means, and the information provided is for reference purposes only. Users should bear full responsibility for their reliance on this information, and the Cyber Express assumes no liability for the accuracy or consequences of its use.
In conclusion, the BORN data breach has exposed millions of individuals to the compromise of their personal health data. BORN is taking immediate action to mitigate the potential fallout and strengthen its security controls. The breach serves as a stark reminder of the vulnerability of digital health information and the need for robust cybersecurity measures in healthcare organizations.