The personal information of an unknown number of Nova Scotians has been stolen through a global privacy breach of a file transfer system called MOVEit, which is sold by a company called Ipswitch.
“We’re here today to inform Nova Scotians that personal information has been stolen as the result of a global cybersecurity issue,” said Colton LeBlanc, the minister of Community Services, at a hastily called Sunday afternoon press conference.
“The issue is with a file transfer service called MOVEit, which is used globally by public and private sector organizations,” continued LeBlacnc. “On June 1st, the province was advised by the company that owns MOVEit that there was a critical vulnerability. We immediately took the service offline and installed the security update as instructed and brought the service back online on June 2nd. We became aware that further investigation was needed, so we took down the service once again and cybersecurity experts were called in to assist.”
“At this time, staff are manually going through all of the files that we’re access to identify what information was stolen and who it belongs to,” said LeBlanc. “Before we could begin this process, we needed to be sure that accessing the data wouldn’t further compromise our government systems.”
MOVEit is used by Nova Scotia Health to transfer patient information between hospitals and doctors and “clients external to the Health network.”
LeBlanc did not say what other government departments use MOVEit, but the Halifax Examiner has been told that Service Nova Scotia and the Justice Department may also use the system.
When will affected people be notified? In days, weeks . . . months?
I call BS on a manual review. Impossible. Has to be computer based analysis.
Used the file transfer service once last fall. Downloaded test results. Only info exposed should be name, health card #, and test results. If MoveIt had access to my full health file several people should be fired.