An Ontario healthcare network was just breached by hack and here's what you need to know
A network containing the personal health data of millions of people in Ontario has been hacked, compromising a decade's worth of medical records.
The privacy breach was reported by the Better Outcomes Registry and Network (BORN), which collects pregnancy, birth and early childhood information from all birthing hospitals in the province for the sake of research and policy planning to enhance care.
Funded by the Ministry of Health and overseen by the Children's Hospital of Eastern Ontario, the network considers itself a database of "the most extensive maternal-child health information in the world" garnered from healthcare practitioners across the province.
However, this information was put in the hands of an unauthorized third party that managed to gain access to MoveIt, a file transfer app that BORN and countless other companies use.
The network is just one of the numerous organizations affected by the mass attack, along with hundreds of universities, multiple life insurance companies, two U.S. state retirement systems, and anyone with an Oregon driver's license, among others.
And, last year, approximately 100,000 people in Nova Scotia had their social insurance numbers, banking information, addresses and more stolen in a hack of the same software.
"An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people — mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023," BORN wrote in a statement about the crime on Monday.
"The personal health information that was copied was collected from a large network of mostly Ontario healthcare facilities and providers regarding fertility, pregnancy, newborn and child healthcare."
BORN Ontario was impacted by a cybersecurity breach earlier this year. BORN is Ontario’s prescribed birth and child health registry and collects information from a network of Ontario health care providers who provide fertility, pregnancy, newborn and child health care under the…
— BORN Ontario (@BORNOntario) September 25, 2023
The group has reassured residents that it does not believe any of the data copied has been used for the purposes of fraud at this time, but they are continuing to monitor the web for any suspicious activity.
Up to this point, the network has ironically prided itself on its security, operating under the province's Personal Health Information Protection Act with the authority to "collect, use and disclose personal health information, without consent, for the purpose of facilitating or improving the provision of health care."
"BORN Ontario is proud to be a trusted steward of personal health information," their website states.
"[We] have implemented a rigorous program to protect personal health information from theft, loss, unauthorized access, copying, modification, use, disclosure and disposal... the registry’s information practices and procedures are approved by the Information and Privacy Commissioner of Ontario every three years."
The incident follows similar data breaches experienced by Air Canada, the LCBO and others in the last few weeks alone.
