BORN Ontario Data Breach: 3.4 Million Affected by Massive Cyberattack

Ontario's leading birth registry, BORN Ontario, reported a major data breach that impacted 3.4 million individuals, including the health records of approximately two million children and newborns in the region.

Key Highlights

• Timeline of Events: The breach, which took place between January 2010 and May 2023, was detected on May 31. There has been some scrutiny over the delay in notifying the affected parties.

• Root of the Attack: The breach was traced back to a cyberattack on MOVEit, a tool employed by institutions for transferring extensive data sets online. The infamous ransomware group, Clop, associated with Russia, is believed to be behind the mass-hacks of MOVEit. Though Clop hasn't confirmed targeting BORN Ontario, the group typically threatens to release stolen data on the dark web, pushing victims for ransoms.

• Nature of Stolen Data: Compromised information includes personal details like names, birth dates, addresses, and health card numbers. Additionally, clinical data, such as care dates, laboratory results, birth details, and other related medical histories, were also accessed.

• Extent of the MOVEit Hack: The MOVEit cyberattack saga has jeopardized over 60 million people. Given that only a limited number of compromised entities have disclosed their breaches, the actual number of victims could be significantly larger. Numerous entities, including U.S. federal agencies that utilized the compromised MOVEit software, have been impacted.

• An Expert's Take: Allan Liska, a specialist at Recorded Future, expressed at a recent TechCrunch Disrupt conference that tools like MOVEit should ideally be transient platforms for data transfer. However, many organizations often retain data on these platforms for extended periods. He emphasized the importance of understanding data storage and handling protocols.

• Comparative Data Analysis: Data from Emsisoft suggests that the BORN breach ranks sixth in magnitude in the MOVEit mass-hacks, following incidents at Maximus, Alogent, and the regions of Louisiana, Colorado, and Oregon. The National Student Clearinghouse recently reported that their MOVEit-associated breach impacted nearly 900 educational institutions in the U.S.

For those affected, it's crucial to monitor personal information and be wary of suspicious communications. This incident serves as a stark reminder of the evolving challenges in cybersecurity.

About this post

Posted: 2023-09-27
By: dwirch
Viewed: 263 times

Categories

Security

Attachments

No attachments for this post

Comments

No comments have been added for this post.

You must be logged in to make a comment.