BORN, the healthcare organisation of Ontario that maintains the perinatal and child registry, has been disclosed to be a victim of MOVEit Transfer attacks.
Though it initially found evidence of a breach in late May, the organisation’s concluding investigation revealed the numbers now that personal records of around 3.4 million people were leaked in this breach. While there’s nothing the affected people can do, BORN advises persons to remain vigilant of any further suspicious activities.
Leaking Children’s Data in MOVEit Attacks
Better Outcomes Registry & Network (BORN), the Ontario government-funded healthcare organisation for maintaining perinatal and child registries, has this week disclosed a data breach incident.
The organisation claims it’s a victim of the MOVEit Transfer supply chain attacks, led by Clop Ransomware, by exploiting a zero-day bug in the file-sharing software. The ransomware gang has claimed hundreds of companies as victims, including public, private and government organizations.
As the affected institution slowly realized and disclosed their findings, BORN published a notice saying they were aware of the security breach on May 31. Informing the relevant authorities (Privacy Commissioner of Ontario), BORN conducted an internal investigation to declare that the personal records of around 3.4 million people were affected in this incident!
The organization said the threat actors copied files containing sensitive information about people, primarily newborns and pregnancy care patients, who benefited from BORN services between January 2010 and May 2023. Leaked data include their full name, home address, postal code, date of birth and health card number.
Depending on the type of services received from BORN, some people’s data may include additional information like dates of service/care, lab test results, pregnancy risk factors, variety of birth, procedures, pregnancy and birth outcomes.
The organization created a web page with all details relating to the incident to help the affected learn about the data theft. Assuring that it found no threat actor selling the stolen data on the dark web, BORN said there is nothing the affected people can do, for now. But, it asked them to remain vigilant about unsolicited messages requesting sensitive data.
Any suspicious activities you spot should be informed to the police and other concerned authorities.
Other Trending News:- News
