Child health data stolen in registry breach

Canadian healthcare organization Better Outcomes Registry & Network (BORN) has disclosed a data breach affecting client data.

BORN—an Ontario perinatal and child registry that collects, interprets, shares, and protects critical data about pregnancy, birth, and childhood—says it was attacked on May 31, 2023.

A subsequent investigation has shown that during the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems. The personal health information that was copied was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.

BORN says that the data breach happened as a result of a vulnerability in some software it uses for file transfers, Progress MOVEit. This vulnerability was exploited by a ransomware gang known as Cl0p, before Progress was even aware a vulnerability existed.

Sadly, it’s not just BORN that has had children’s data stolen as a result of that vulnerability. The National Student Clearinghouse (NSC) has also reported that nearly 900 colleges and schools across the US also fell victim to the Cl0p ransomware gang, as a result of using MOVEit to transfer files.

As we have mentioned before, identity theft is a serious problem, especially when it affects children. Identity thieves love preying on minors, simply because it usually takes longer before the theft is noticed.

Countermeasures

BORN states that there are no additional steps you need to take. Its incident summary says:

“At this time, there is no evidence that any of the copied data has been misused for any fraudulent purposes. We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no sign of BORN’s data being posted or offered for sale.”

However, you have every right to become anxious that your child might start receiving credit offers in the mail or unexpected activity on their email, phone or bank accounts.

So, if you become aware of anything suspicious, or even just for peace of mind, you can request a security freeze for your child at each of the three national credit bureaus (Experian, TransUnion and Equifax).

When you request a security freeze, the bureau creates a credit report for your child and then locks it down, so that any lender who attempts to process an application that uses your child’s credentials will be denied access to their credit history. This prevents any loans or credit cards being issued in the child’s name. When the child becomes an adult you’ll have to lift the freeze by contacting each credit bureau individually.

Read our tips on how to protect your identity, or, if you believe you are already the victim of on identity crime, contact the Identity Theft Resource Center. You can speak to an advisor toll-free by phone (888.400.5530) or live-chat on the company website idtheftcenter.org.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/