Massive Data Breach: A Decade’s Worth of Newborn Registry Data Stolen in MOVEit Cyberattack

In a startling revelation, BORN Ontario, a government-funded birth registry, confirmed a data breach that has affected approximately 3.4 million people who sought pregnancy care. The breach also included the personal health data of nearly two million newborns and children across the Canadian province. The data breach involves more than a decade's worth of data, including fertility, pregnancy, newborn, and child healthcare offered between January 2010 and May 2023.

Data is the new gold in the digital world, and cyber criminals are the new-age pirates.

Details of the Data Breach

News of the breach surfaced after the incident was discovered on May 31. BORN Ontario attributed the cyberattack to the mass hack targeting MOVEit, a file transfer tool organizations use to share large datasets over the internet. The notorious Russian-linked ransomware and extortion group Clop claimed responsibility for the MOVEit mass hacks. However, according to a review of its dark web leak site, which the group uses to threaten to publish victims' stolen data unless a ransom is paid, Clop has not yet claimed BORN as one of its victims.

Data Compromised in the Breach

The organization confirmed that the cybercriminals stole names, dates of birth, addresses and postal codes, and health card numbers. The clinical information stolen includes dates of care and service, lab test results, pregnancy risk factors, type of birth, procedures, pregnancy and birth outcomes, and associated care. The MOVEit mass hack has affected more than 60 million individuals. Given that only a fraction of the organizations involved have disclosed their incidents, the number of victims is likely significantly higher.

Concerns Over Data Security

According to Allan Liska, a threat intelligence analyst at Recorded Future, file transfer tools like MOVEit are supposed to be a temporary platform for transferring data, yet many organizations had data sitting on those servers for years. "Understanding where and how your data is being stored, who has your data, and so on is an additional challenge that organizations have to deal with," Liska said.

The Aftermath of the Breach

Following the data breach, BORN Ontario contacted law enforcement and disclosed the incident to Ontario’s privacy watchdog, the Information and Privacy Commissioner, which oversees BORN. It remains unclear whether BORN received a ransom demand or paid the cybercriminals. The Information and Privacy Commissioner of Ontario, Patricia Kosseim, said her office was notified of the incident on June 14.

MOVEit: A Major Target for Cybercriminals

More than a thousand organizations that relied on the affected MOVEit software, including U.S. federal agencies, were hit by the mass hack. Clop is said to have discovered a vulnerability in the software that allowed the cybercriminals to scan the internet for affected devices and mass raid the data inside. Clop has also recently been responsible for hacking at least two other file transfer tools.

Cybersecurity Measures in the Wake of the Breach

After a major breach occurs, organizations need to reassess their data security measures. Protecting sensitive information requires understanding where and how data is stored, who can access it, and how long it's kept. A strong security posture is built through regular vulnerability assessments, strong encryption, and timely software updates. Along with technical measures, companies should promote a culture of security awareness among employees, because they are often the first line of defense against cyber threats.

Rob Wang

Greetings, I am Rob Wang, a seasoned digital security professional. I humbly request your expert guidance on implementing effective measures to safeguard both sites and networks against potential external attacks. It would be my utmost pleasure if you could kindly join me in this thread and share your invaluable insights. Thank you in advance.