Massive BORN Data Breach Rocks Ontario’s Newborn Care Registries

In the latest development in cybersecurity news, a BORN data breach has been reported. The Better Outcomes Registry and Network (BORN) of Ontario, a government-funded repository for perinatal and child health information, confirmed a massive data breach.

The BORN data breach has left approximately 3.4 million individuals, encompassing both parents seeking pregnancy care and their newborns, reeling from compromised personal health data.

The breach, detected on May 31, 2023, spans over a decade’s worth of records, encompassing the period from January 2010 to May 2023.

Scale of The BORN Data Breach is Haunting 

This massive BORN data breach is linked to the exploitation of the vulnerability in MOVEit, a file transfer platform by Progress Software, known to be targeted aggressively by the notorious Clop ransomware group.  

The security breach, not officially claimed by Clop, has been confirmed by the company as BORN has shared an official incident summary about the attack.

BORN’s role as a data aggregator for healthcare providers, labs, and hospitals focused on fertility, pregnancy, and child healthcare makes this massive breach an unprecedented threat to the privacy of millions.

The security breach encompasses a vast array of sensitive information, including names, dates of birth, addresses, postal codes, and health card numbers.

Clinical data, such as dates of care and service, lab results, pregnancy risk factors, type of birth, and associated care, has also been compromised. 

The gravity of the BORN data breach is compounded by the fact that this information affects those who gave birth or had a child born between April 2010 and May 2023 and individuals who received pregnancy care between January 2012 and May 2023.

“An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023”, reads the firm’s statement.

Responding to the BORN Data Breach

BORN’s swift response included notifying law enforcement and the Information and Privacy Commissioner of Ontario.

It remains unclear whether a ransom was demanded or paid to the cybercriminals for this security breach. BORN is resolute in its efforts to mitigate potential fallout, as it vigilantly monitors both conventional and dark web channels for any signs of unauthorized data usage.

In a bid to reassure the affected populace, BORN emphasized that it will never solicit sensitive personal information through unsolicited channels like email, text, or phone calls.

Alicia St.Hill, BORN Ontario’s Executive Director, expressed profound regret over the incident, assuring that comprehensive measures are being instituted to fortify security controls.

“Our work helps us learn how the care we provide today affects our health tomorrow. We want Ontario to be one of the safest places in the world to have a baby and to provide the best possible beginnings for lifelong health,” said Alicia St.Hill, Executive Director, BORN Ontario.

The BORN data breach is undoubtedly one of the biggest cyberattacks of 2023, exposing the vulnerability of digital health data repositories.

The Clop ransomware group, on the other hand, has turned out to be one of the most influential threat actors of this year, all attributed to their recent attacks related to the MOVEit software. 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Related