Data Breach in Ontario Child Registry Exposes Information of 3.4 Million Individuals

The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has disclosed that it fell victim to the Clop ransomware attack within the larger MOVEit hacking campaign.

BORN, which manages a perinatal and child registry, is responsible for collecting, interpreting, sharing, and safeguarding critical data related to pregnancy, childbirth, and childhood in the Ontario province.

The MOVEit attacks exploited a zero-day vulnerability (CVE-2023-34362) found in Progress MOVEit Transfer software, allowing unauthorized access and data theft from numerous organizations worldwide.

BORN initially detected the security breach on May 31 and promptly issued a public notice on its website while also informing the relevant authorities, including the Privacy Commissioner of Ontario.

The organization engaged cybersecurity experts to isolate the affected servers and contain the threat, enabling it to maintain its operations.

The subsequent investigation revealed that threat actors had copied files containing sensitive information about approximately 3.4 million individuals, primarily newborns and expectant mothers who had utilized BORN services between January 2010 and May 2023.

The compromised data includes the following:

  1. Full name
  2. Home address
  3. Postal code
  4. Date of birth
  5. Health card number

Depending on the nature of care received through BORN, the following additional data may also have been exposed:

  1. Dates of service/care
  2. Laboratory test results
  3. Pregnancy risk factors
  4. Type of birth
  5. Medical procedures
  6. Pregnancy and birth outcomes

BORN has established a dedicated webpage with information about how this incident affects its patients and who is likely impacted by the data breach.

Despite confirming the breach, BORN states that there is currently no evidence to suggest that the stolen data is being traded on the dark web.

“At this time, there is no indication that the copied data has been used for fraudulent purposes,” as stated in BORN’s announcement. “We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no indication of BORN’s data being posted or offered for sale.”

Individuals who may potentially be affected by this security incident are advised to exercise caution when handling incoming communications, particularly unsolicited messages requesting sensitive information.

Any suspicious online account activity or attempted fraud should be promptly reported to law enforcement authorities and the relevant service providers.