Nova Scotia has implemented significant cybersecurity enhancements following a data breach involving the MOVEit file transfer system that compromised personal information of many residents a year ago, it said.
The final report on the breach, released on May 29, outlines the measures taken and plans for continued improvements.
Colton LeBlanc, Minister of Cyber Security and Digital Solutions, emphasized the ongoing threat of cyberattacks and the necessity of proactive measures.
“I’d love to be able to say we will never face another cybersecurity breach. Cyberthreats are unfortunately a reality in the world we now live in. Everyone – governments, private companies and people – are all at risk. We must take steps to protect ourselves,” LeBlanc stated.
The report indicates that the province has already begun implementing recommendations, including enhancing security within the MOVEit system, improving data classification and management, and increasing capacity to respond to large-scale breaches.
Additionally, Nova Scotia is continuously reviewing and adapting its overall cybersecurity strategy and mandating annual cybersecurity awareness training for all staff. The province is also collaborating with other jurisdictions to share information and build cybersecurity capacity.
David Shipley, co-founder and CEO of Beauceron Security Inc., praised Nova Scotia’s response to the breach.
“I don’t measure an organization’s success in cyber-resiliency by a lack of events or incidents. I measure it by how well they handle it, how clearly they explain it, and how they apply the lessons they’ve learned. By that measure, Nova Scotia has done well. They showed tremendous leadership following last year’s MOVEit breach, demonstrating a strong command of the situation and outstanding transparency in response efforts,” Shipley commented.
The breach, which occurred on May 30 and 31, 2023, affected governments and private companies globally that used the MOVEit file transfer service. The province sent over 168,000 notification letters to Nova Scotians whose personal information was compromised, including retired teachers, civil servants, individuals who received parking tickets in Halifax, and 1,923 patients whose health information was stolen.
Credit monitoring was offered to those whose sensitive information, such as social insurance numbers and financial data, was stolen, with 30,000 people enrolling in the service.
The response to the MOVEit breach has cost the province $3.8 million, underscoring the substantial financial impact of cybersecurity incidents and the importance of robust defensive measures.
