The state register of newborns of the Canadian province of Ontario has confirmed a security breach affecting approximately 3.4 million individuals. This includes those who sought medical assistance during a woman’s pregnancy, as well as around two million newborns and children.
Born Ontario has officially announced that hackers have successfully accessed a vast array of their data. This includes information on individuals from January 2010 to May 2023. The breach was discovered on May 31, but the reasons for the delayed public announcement remain unclear.
Born has stated that this cyber attack is linked to the widespread hacking of the Moveit Transfer file transfer tool by the extortion gang known as Clop. The responsibility for the hacking was claimed by the gang back in June.
Born collects data from medical institutions, laboratories, and hospitals involved in providing medical assistance to pregnant women and children. This data is used to enhance the quality of medical care. The fact that these records were stolen during a mass compromise was unexpected by anyone involved.
Following the breach, Born has reported the incident to law enforcement agencies and informed the commissioner responsible for information and privacy protection in Ontario, who oversees Born’s activities.
Names, dates of birth, addresses, postal codes, and medical record numbers were stolen by the cybercriminals. Additionally, clinical information such as examination and treatment dates, laboratory tests, and other medical data have also been compromised.
It remains to be seen whether the hackers will utilize the obtained information for malicious purposes or if any ethical boundaries will restrain them.
The Moveit mass hacks have impacted over 60 million people and more than one hundred companies. Clop hackers exploited a vulnerability in the Moveit software, enabling them to conduct extensive data exploration.
According to the latest information from EMSISOFT, a cybersecurity company, the Born breach ranks as the sixth largest among a series of incidents related to Moveit. Clop has also targeted other major MFT services, including Goanywhere in February of this year and Accellion FTA in December 2020.