BORN Falls Victim to MOVEit Hacking Spree: The Better Outcomes Registry & Network (BORN), a healthcare entity supported by the Ontario government, has revealed that it’s one of the casualties in the widespread MOVEit hacking campaign conducted by the Clop ransomware group.
Key Takeaways to BORN Falls Victim to MOVEit Hacking Spree:
- BORN’s Data Breach: BORN, a perinatal and child registry in Ontario, suffered a security breach due to the MOVEit hacking campaign, which exploited a zero-day vulnerability in Progress MOVEit Transfer software.
- Data Exposure: The breach exposed sensitive information of about 3.4 million individuals, mainly newborns and pregnancy care patients, who utilized BORN’s services between January 2010 and May 2023. This data includes names, addresses, health card numbers, and more.
- Ongoing Monitoring: While BORN confirmed the breach, there’s currently no evidence of the stolen data being circulated on the dark web. The organization is actively monitoring the situation and advises affected individuals to remain cautious regarding unsolicited communication.
BORN’s Response to the Breach
- Isolating the Threat: Upon discovering the security breach on May 31, BORN promptly took action. They engaged cybersecurity experts to isolate the affected servers and contain the threat. This allowed the organization to maintain its essential operations.
- Exposed Data Details: The breached data encompasses critical personal information, including full names, home addresses, postal codes, and health card numbers. Depending on the type of care received from BORN, additional details such as dates of service, lab test results, and pregnancy-related information may also have been compromised.
- Monitoring for Misuse: While the breach is a cause for concern, BORN has not detected any signs of the stolen data being misused for fraudulent purposes. The organization continues to vigilantly monitor online platforms, including the dark web, to ensure the data remains secure.
- Actions for Potentially Impacted Individuals: For individuals who may be affected by this incident, BORN advises caution when handling incoming communications, especially unsolicited messages requesting sensitive information. Any suspicious online activity or attempted fraud should be promptly reported to both the police and the relevant service providers.
Conclusion
The breach affecting BORN underscores the ongoing challenges organizations face in safeguarding sensitive healthcare data.
While BORN has taken immediate measures to address the breach and ensure the security of its operations, the incident serves as a reminder of the importance of robust cybersecurity measures and constant vigilance, particularly in the healthcare sector.
About BORN: The Better Outcomes Registry & Network (BORN) is a healthcare organization based in Ontario, Canada, primarily focused on perinatal and child data. It plays a vital role in collecting, interpreting, sharing, and securing critical information related to pregnancy, birth, and childhood within the province. BORN’s mission is to enhance healthcare outcomes and support research in these areas.
About the MOVEit Hacking Campaign: The MOVEit hacking campaign, associated with the Clop ransomware group, exploited a zero-day vulnerability in the Progress MOVEit Transfer software to compromise and steal data from numerous organizations worldwide. This incident serves as a stark example of the evolving cybersecurity threats that organizations must contend with in an increasingly digital world.
