Cyber Incident Victim: Green Shield Canada

Date: Jun 2023

Location: Canada

Summary

Green Shield Canada was impacted by a global MOVEit file transfer software vulnerability which led to a data breach. A subset of files containing personal information transferred through the service may have been accessed, impacting some plan members. The incident was contained solely to the MOVEit application with no impact on the organization's main IT systems or its GreenShield Health entities. There was no evidence the accessed data was subsequently disclosed or misused.

Description

On June 14, 2023, Green Shield Canada, an entity within the broader GreenShield enterprise, publicly announced it was investigating the impact of a software vulnerability in MOVEit, a third-party file transfer system used by the organization to transfer stakeholder information. This announcement was made in the context of a global cyberattack affecting numerous businesses utilizing the MOVEit software. The initial assessment indicated that while the investigation was ongoing and the full extent of the incident was still being determined, limited data had been captured by cybercriminals via the MOVEit software. The organization emphasized that this access was contained to the MOVEit file transfer service and did not occur through any other part of Green Shield Canada’s network infrastructure. It was also explicitly stated that GreenShield Health, encompassing subsidiaries Inkblot, Tranquility, BCH Consultants, and The Health Depot, was not impacted by this situation. Upon notification of the vulnerability, Green Shield Canada promptly implemented MOVEit’s recommended measures to address the issue and further secured its own file transfer protocols.

The investigation was conducted in close collaboration with external cybersecurity experts and a dedicated external third-party discovery team. By June 21, 2023, the ongoing investigation continued to affirm that the impact was contained to the MOVEit file transfer service, with limited data being impacted. The organization reiterated its commitment to supporting any individuals whose data was confirmed as compromised, ensuring they would receive necessary assistance and guidance, and stated that directly impacted clients would be contacted privately. This position was maintained in updates on June 30 and July 7, 2023, with evidence consistently suggesting the impact was confined to a limited set of files transferred through the MOVEit service. The organization acknowledged the global nature of the exploited vulnerability and expressed appreciation for the patience of its stakeholders as the investigation progressed.

On July 21, 2023, Green Shield Canada provided a significant update, stating that the external investigation had concluded. The findings showed no indication of any access to or impact on the company's IT systems other than the targeted MOVEit Transfer application. This confirmed the initial containment assessment. The organization stated it was actively monitoring the situation and would be contacting any clients and individuals whose data was confirmed as being compromised so they could take necessary precautions. The final determination on the scope of impacted data was communicated in an update dated October 11, 2023. The investigation confirmed that a subset of files containing personal information, which had been transferred through the MOVEit file transfer service, may have been accessed. This impacted some of Green Shield Canada’s plan members. However, the company reported that it had been closely monitoring the situation and had found no evidence of any data involved in the incident being disclosed or misused.

In response to the confirmed access of personal information, Green Shield Canada took specific action to notify and support affected individuals. The organization committed to directly notifying individuals whose data was contained in the accessed files. Out of an abundance of caution, Green Shield Canada provided these individuals with complimentary credit monitoring and identity theft protection services through Equifax. These services were described as being specifically designed to assist impacted individuals in safeguarding their personal information proactively, despite there being no indication of the data being misused. Details on how to access and utilize these services were provided in the individual notifications sent to affected plan members. Throughout the incident response, Green Shield Canada maintained communication through updates on its dedicated webpage, ensuring stakeholders were informed as new information became available. The organization consistently emphasized its commitment to the security and trust of its stakeholders and appreciated plan members’ patience, support, and cooperation throughout the process. The core business operations of Green Shield Canada and the unaffected GreenShield Health entities continued without reported interruption.
