BORN (the Better Outcomes Registry & Network) in Canada has disclosed it was affected by the MOVEit breach. From their notice:
- During the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems.
- The personal health information that was copied was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.
- After becoming aware of the incident on May 31, 2023, BORN posted a public notice on our website about the incident and notified relevant authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.
- An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023.
Read more at BORN.
Thanks to Brett Callow of Emsisoft for alerting us to this notice. They continue to diligently track the MOVEit incident.
DataBreaches notes that BORN does not mention whether they paid any extortion demand to Clop. A search of Clop’s leak site does not return any results for “BORN” or “Better.”
Nor does BORN explain why data from 2010 was on a file transfer server after so many years.