Nunavik Regional Board of Health and Social Services Breach Incident Score: Analysis & Impact (NRB1766037566)

In this Rankiteo incident briefing, we review the Nunavik Regional Board of Health and Social Services breach identified under incident ID NRB1766037566.

The analysis begins with a detailed overview of Nunavik Regional Board of Health and Social Services's information like the linkedin page: https://www.linkedin.com/company/nrbhss, the number of followers: 2805, the industry type: Government Administration and the number of employees: 216 employees

After the initial compromise, the video explains how Rankiteo's incident engine converts technical details into a normalized incident score. The incident score before the incident was 761 and after the incident was 734 with a difference of -27 which is could be a good indicator of the severity and impact of the incident.

In the next step of the video, we will analyze in more details the incident and the impact it had on Nunavik Regional Board of Health and Social Services and their customers.

On 04 November 2025, Ungava Tulattavik Health Centre (UTHC) disclosed Data Breach issues under the banner "Cyberattack on Ungava Tulattavik Health Centre (UTHC)".

Clinical records have potentially been exposed in a data breach of a Kuujjuaq health centre, which was the victim of a cyberattack orchestrated by malicious individuals in November 2025.

The disruption is felt across the environment, and exposing Clinical and administrative information concerning certain users and employees.

In response, teams activated the incident response plan, moved swiftly to contain the threat with measures like Blocked the attack, plugged the breach, secured the computer network, and began remediation that includes Implemented surveillance tools for security, created a crisis unit, and stakeholders are being briefed through Informed financial institutions, Nunavik mayors, and the public; set up a dedicated information service for users and employees.

The case underscores how Ongoing, and recommending next steps like Users and employees urged to regularly check bank activity, monitor online transactions, be alert to suspicious calls and emails, and never share passwords, SINs, or credit card numbers over the phone, with advisories going out to stakeholders covering Informed financial institutions and Nunavik mayors of the incident.

Finally, we try to match the incident with the MITRE ATT&CK framework to see if there is any correlation between the incident and the MITRE ATT&CK framework.

The MITRE ATT&CK framework is a knowledge base of techniques and sub-techniques that are used to describe the tactics and procedures of cyber adversaries. It is a powerful tool for understanding the threat landscape and for developing effective defense strategies.

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Exploit Public-Facing Application (T1190) with moderate confidence (60%), supported by evidence indicating attack detected promptly, suggesting possible exploitation of exposed systems and Valid Accounts (T1078) with moderate to high confidence (70%), supported by evidence indicating organized cybercriminal groups likely used compromised credentials. Under the Credential Access tactic, the analysis identified Brute Force (T1110) with moderate confidence (50%), supported by evidence indicating no specific details, but organized groups often employ brute force and Unsecured Credentials (T1552) with moderate confidence (60%), supported by evidence indicating high-value data accessed; likely involved credential harvesting. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with moderate to high confidence (80%), supported by evidence indicating clinical and administrative records potentially accessed by malicious actors and Automated Exfiltration (T1020) with moderate to high confidence (70%), supported by evidence indicating organized groups likely used automated tools for data theft. Under the Impact tactic, the analysis identified Data Encrypted for Impact (T1486) with lower confidence (40%), supported by evidence indicating no ransomware details, but attack caused significant disruption and Data Manipulation (T1565) with moderate confidence (50%), supported by evidence indicating potential compromise of clinical records raises integrity concerns. Under the Defense Evasion tactic, the analysis identified Indicator Removal (T1070) with moderate confidence (60%), supported by evidence indicating attackers may have cleared logs to evade detection and Hide Artifacts (T1564) with moderate confidence (50%), supported by evidence indicating initial analysis missed data exposure; suggests evasion tactics. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.