Overview
The Hospital for Sick Children, known as SickKids, was impacted by a recent breach at Better Outcomes Registry & Network (BORN) Ontario, a perinatal and child registry. SickKids shares sensitive health information with BORN Ontario related to pregnancy, birth, newborn care, and childhood. The breach was caused by the exploitation of a zero-day vulnerability in software used to transfer files, called Progress MOVEIt, and affected 3.4 million individuals.
Impact
Exposed data included full names, home addresses, postal codes, dates of birth, and health card numbers. Dates of service, lab test results, pregnancy risk factors, and birth outcomes may also have been compromised. The National Student Clearinghouse (NSC) has also reported that the Progress MOVEIt vulnerability was exploited in 900 colleges and schools across the U.S.
Response & Recovery
The organization's incident response plan was activated, its infected server isolated, and stakeholders were informed of the breach. There is no evidence that any of the stolen breached data has been misused for any fraudulent purposes. BORN has said they will report any discovered misuse of data on their website. SickKids is working to restore affected systems and data. The expected downtime and impact on business operations has not yet been assessed.
Recommendations
Access Point Technology recommends organizations review and update data-sharing agreements with external partners, regularly update and patch software systems to mitigate vulnerabilities like the exploited zero-day in Progress MOVEIt and have a team of cybersecurity experts on call with a tried and tested Incident Response plan to quickly prevent and manage similar incidents.
This event highlights the criticality of maintaining vigilant patching policies and procedures, especially for those organizations that leverage the Progress MOVEit software.
.webp)
.png)
