Ontario healthcare organization data breach exposes personal health information of 3.4 million care seekers


September 28, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Ontario healthcare organization data breach exposes personal health information of 3.4 million care seekers

Following the massive MOVEit attack, the Better Outcomes Registry & Network (BORN) has disclosed a massive data breach after unauthorized copies of files containing the personal and health information of parents and children were stolen from their systems.

Ontario’s prescribed perinatal, newborn and child registry said it learned of the breach on May 31 and notified local authorities and police.

Following a lengthy investigation, it was revealed that the attackers managed to steal a trove of PHI belonging to about 3.4 million individuals, including newborns and “those seeking pregnancy care” in the past 13 years.

“During the breach, unauthorized copies of files with personal health information were copied from BORN’s systems,” BORN explained. ”The personal health information that was impacted in the breach was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.”

According to the data breach notice, exposed data includes:

  • Patient names, home address, postal code
  • Date of birth and health card number

Depending on the type of BORN services received by individuals, personal health information was also exposed, including:

  • Date of service/care
  • Lab test results
  • Pregnancy risk factors and type of birth
  • Procedures and any pregnancy or birth outcomes (complications, diagnoses)

Since then, BORN says it managed to contain the breach and ensure the safe continuation of operations. While the agency said it saw no evidence of misuse, data leaks on the dark web or fraudulent activity leveraging compromised data, it added that individuals should “remain vigilant” and:

  • Monitor online accounts against fraud
  • Contact service providers and the police if they observe any suspicious activities
  • Scrutinize unsolicited correspondence.  BORN emphasized that it will never ask for sensitive personal info via email, phone or text

For more information, you can access the dedicated data breach page, here.

Want to know what personal info has been stolen or made public on the internet? Check now with Bitdefender's Digital Identity Protection tool.




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like