MOVEit Cybersecurity Incident

Incident Summary

• BORN (the Better Outcomes Registry & Network) was impacted by a cybersecurity breach caused by a global vulnerability of the software we use, Progress MOVEit, to perform secure file transfers.   
• During the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems.  
• The personal health information that was copied was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.
• After becoming aware of the incident on May 31, 2023, BORN posted a public notice on our website about the incident and notified relevant authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.
• An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023. 
• Data privacy is paramount to everything we do at BORN. We began working with cybersecurity experts immediately to isolate the affected computer server, contain the threat, investigate the full scope of the incident, and to ensure our systems were safe to continue our operations. While attacks on third-party software are difficult to prevent, we’ve taken additional measures to further strengthen our security controls to limit the potential for this type of incident happening again. 
• At this time, there is no evidence that any of the copied data has been misused for any fraudulent purposes. We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no sign of BORN’s data being posted or offered for sale.  
• There are no additional steps you need to take.
• https://www.bornincident.ca/