Pierluigi Paganini September 26, 2023
The Better Outcomes Registry & Network (BORN) is a program and database used in the healthcare sector, particularly in maternal and child health, to collect, manage, and analyze health information for the purpose of improving patient outcomes and healthcare services. BORN programs exist in several regions and countries, with each one tailored to the specific healthcare needs of its population.
The BORN funded by the government of Ontario disclosed a data breach that impacts some 3.4 million people. The organization became aware of the security incident on May 31, 2023, it immediately launched an investigation into the breach and notified relevant authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.
BORN Ontario hired cybersecurity experts to mitigate the threat, secure its infrastructure, and investigate the scope of the incident.
The organization confirmed that it was the victim of the massive hacking campaign targeting Progress MOVEit transfer systems that was conducted by the Clop ransomware group.
MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.
The Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the campaign that exploited a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.
In June, the Clop ransomware group claimed to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability.
“BORN (the Better Outcomes Registry & Network) was impacted by a cybersecurity breach caused by a global vulnerability of the software we use, Progress MOVEit, to perform secure file transfers. During the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems.” reads the statement published by BORN Ontario. “The personal health information that was copied was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.”
According to the statement, threat actors copied data, collected between January 2010 and May 2023, regarding fertility, pregnancy, newborn and child healthcare.
The exposed data includes:
Depending on the type of care received by the impacted individuals, the following data may have been exposed:
At this time, the organization is not aware of any data that is copied that has been misused for any fraudulent purposes. The company announced that it continues to monitor the internet, including the dark web, for any suspicious activity that is related to this incident.
Recently another organization in the healthcare sector, Microsoft-owned healthcare technology firm Nuance, announced it was the victim of the hacking campaign targeting MOVEit Transfer systems.
Nuance launched an investigation into the incident with the help of cyber security experts and a law firm.
The company said that Clop group may have stolen personal data at numerous North Carolina hospitals and other health care providers, including:
Compromised data included the services people received and their demographic information.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Clop ransomware)