ontario data breach

An Ontario healthcare network was just breached by hack and here's what you need to know

A network containing the personal health data of millions of people in Ontario has been hacked, compromising a decade's worth of medical records.

The privacy breach was reported by the Better Outcomes Registry and Network (BORN), which collects pregnancy, birth and early childhood information from all birthing hospitals in the province for the sake of research and policy planning to enhance care.

Funded by the Ministry of Health and overseen by the Children's Hospital of Eastern Ontario, the network considers itself a database of "the most extensive maternal-child health information in the world" garnered from healthcare practitioners across the province.

However, this information was put in the hands of an unauthorized third party that managed to gain access to MoveIt, a file transfer app that BORN and countless other companies use.

The network is just one of the numerous organizations affected by the mass attack, along with hundreds of universities, multiple life insurance companies, two U.S. state retirement systems, and anyone with an Oregon driver's license, among others.

And, last year, approximately 100,000 people in Nova Scotia had their social insurance numbers, banking information, addresses and more stolen in a hack of the same software.

"An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people — mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023," BORN wrote in a statement about the crime on Monday.

"The personal health information that was copied was collected from a large network of mostly Ontario healthcare facilities and providers regarding fertility, pregnancy, newborn and child healthcare."

The group has reassured residents that it does not believe any of the data copied has been used for the purposes of fraud at this time, but they are continuing to monitor the web for any suspicious activity.

Up to this point, the network has ironically prided itself on its security, operating under the province's Personal Health Information Protection Act with the authority to "collect, use and disclose personal health information, without consent, for the purpose of facilitating or improving the provision of health care."

"BORN Ontario is proud to be a trusted steward of personal health information," their website states.

"[We] have implemented a rigorous program to protect personal health information from theft, loss, unauthorized access, copying, modification, use, disclosure and disposal... the registry’s information practices and procedures are approved by the Information and Privacy Commissioner of Ontario every three years."

The incident follows similar data breaches experienced by Air Canada, the LCBO and others in the last few weeks alone.

Lead photo by

 Michael Muraz Photography


Latest Videos



Latest Videos


Join the conversation Load comments

Latest in City

The TTC just made a huge change to clamp down on fare cheats riding for free

University of Toronto places fourth above Oxford and MIT in new world ranking

Yet another Toronto highway is about to slow to a crawl for major construction project

The minimum wage in Ontario is going up next month

People keep destroying automated speed cameras in Ontario

Toronto is getting a whole new neighbourhood and here's what it will look like

Ontario got its first taste of snow this weekend but summer is not over yet

Spider species responsible for most Ontario bites is most active this time of year