Introduction
In a shocking revelation, the government-funded birth registry in Ontario has confirmed that its database was hacked, compromising the personal health data of over 3.4 million individuals who sought pregnancy care and children across the Canadian province. The affected individuals include those who gave birth or whose child was born between April 2010 and May 2023, as well as those who received pregnancy care between January 2012 and May 2023.
The Breach
The data breach occurred when hackers copied more than a decade’s worth of data from the BORN Ontario database. This includes:
- Personal health information: Names, dates of birth, addresses, postal codes, and health card numbers.
- Clinical information: Dates of care and service, lab test results, pregnancy risk factors, type of birth, procedures, and pregnancy and birth outcomes.
The data breach is attributed to a mass-hack targeting the MOVEit file transfer tool used by organizations to share large datasets over the internet. The notorious Russian-linked ransomware and extortion group Clop claimed responsibility for the MOVEit mass-hacks but has not yet claimed BORN as one of its victims.
Affected Organizations
The MOVEit mass-hack has claimed more than 60 million affected individuals so far, although only a fraction of affected organizations have disclosed their incidents. Over 1,000 organizations, including U.S. federal agencies, which relied on the affected MOVEit software, are affected by the mass-hack.
The Investigation
BORN Ontario contacted law enforcement and disclosed the incident to Ontario’s privacy watchdog, the Information and Privacy Commissioner (IPC). In a statement issued late Monday, the IPC confirmed that they were notified of the incident on June 14. However, when reached for comment, an IPC spokesperson declined to answer any questions.
Impact
The data breach has left many individuals concerned about their personal health information being compromised. BORN Ontario has advised affected individuals to be vigilant and monitor their credit reports for any suspicious activity.
Conclusion
The BORN Ontario data breach serves as a reminder of the importance of robust cybersecurity measures in protecting sensitive information. As the investigation continues, it is crucial that affected organizations take steps to prevent similar incidents from occurring in the future.
Recommendations
To mitigate the risk of data breaches:
- Implement robust security measures: Ensure that all software and systems are up-to-date with the latest security patches.
- Conduct regular security audits: Identify vulnerabilities and address them promptly.
- Educate employees on cybersecurity best practices: Raise awareness about phishing, password management, and data protection.
Resources
For more information on the BORN Ontario data breach:
Stay Informed
To stay up-to-date with the latest news on cybersecurity, follow reputable sources such as: