In a devastating data breach, Ontario’s government-funded birth registry, BORN Ontario, has reported that over a decade’s worth of personal health data of close to two million newborns and children has been stolen. The breach, which occurred between January 2010 and May 2023, has affected a total of 3.4 million people who sought pregnancy care across the Canadian province.
Key Takeaway:
Ontario’s government-funded birth registry, BORN Ontario, has suffered a major data breach, resulting in the theft of personal health data of nearly two million newborns and children. The breach, attributed to the mass-hack of the file transfer tool MOVEit, has raised concerns about data security and highlights the urgent need for organizations to prioritize the protection of sensitive information.
Hackers Target MOVEit Mass-Hack and BORN Ontario
The cyberattack has been attributed to the mass-hack of MOVEit, a popular file transfer tool used by organizations to share large data sets over the internet. Clop, a notorious Russian-linked ransomware and extortion group, has claimed responsibility for the MOVEit mass-hacks. However, they have not yet claimed BORN Ontario as one of their victims. BORN Ontario collects data from healthcare providers, labs, and hospitals to improve pregnancy care and healthcare for children.
Data Compromised and Individuals Affected
The stolen information includes names, dates of birth, addresses, postal codes, and health card numbers. Additionally, clinical information such as dates of care and service, lab test results, pregnancy risk factors, type of birth, procedures, and pregnancy and birth outcomes were also compromised. BORN Ontario has notified individuals affected, including those who gave birth or received pregnancy care between 2010 and 2023 and those undergoing IVF or egg banking procedures between 2013 and 2023.
The Extent of the MOVEit Mass-Hacks
The MOVEit mass-hacks have affected more than 60 million individuals. However, as only a fraction of affected organizations have disclosed their incidents, the actual number of victims is likely to be much higher. More than a thousand organizations, including U.S. federal agencies, have been impacted by the mass-hack. Clop exploited a vulnerability in the software to scan the internet for affected devices and access the data stored within.
