Clop Ransomware Attack on BORN Ontario Child Registry Impacts 3.4 Million Individuals

September 25, 2023

The Better Outcomes Registry & Network (BORN), a perinatal and child registry funded by the Ontario government, has fallen victim to a hacking spree by the Clop ransomware.

This organization, which collects, interprets, shares, and safeguards crucial data related to pregnancy, birth, and childhood in Ontario, was compromised through a zero-day vulnerability (CVE-2023-34362) in the Progress MOVEit Transfer software. This vulnerability was exploited by MOVEit attacks to breach and steal data from thousands of organizations globally.

BORN became aware of the security incident on May 31 and promptly issued a public notice on its website while also alerting the appropriate authorities, including the Privacy Commissioner of Ontario. To manage the situation, the organization engaged cybersecurity experts who were able to isolate the affected servers and contain the threat, enabling BORN to continue its operations.

The investigation into the breach revealed that the threat actors had managed to copy files containing sensitive information of approximately 3.4 million people. The majority of these individuals were newborns and patients receiving pregnancy care who had used BORN services between January 2010 and May 2023.

Despite the confirmed data breach, BORN stated that there is currently no evidence to suggest that the stolen data has been circulated on the dark web. In a notice, BORN said, “At this time, there is no evidence that any of the copied data has been misused for any fraudulent purposes,” and added, “We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no sign of BORN’s data being posted or offered for sale”.

BORN has advised individuals who may be affected by this security incident to be cautious of incoming communications and to be particularly wary of unsolicited messages requesting sensitive data. Any suspicious activity on online accounts or attempts at fraud should be reported to the police and relevant service providers.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.