Notice of BORN Ontario Cybersecurity Incident
Brockville/Smiths Falls – Both Brockville General Hospital and the Perth & Smiths Falls District Hospital were affected by a province-wide cyber security breach.
Both hospitals posted notices on their respective websites earlier this week.
“BORN Ontario is a prescribed perinatal and child registry that is funded by the province’s Ministry of Health. BORN Ontario was the victim of a cybersecurity incident earlier this year and your information may have been impacted. The incident was caused by a vulnerability in the file transfer software BORN Ontario utilized, called MOVEit.”
They said that they were among the many Ontario healthcare providers that share personal health information with BORN Ontario related to pregnancy, birth and newborn care – important healthcare encounters that can affect lifelong health.
BORN collects data from healthcare providers pursuant to the authority afforded to it in the Personal Health Information Protection Act (PHIPA). BORN Ontario uses this information to identify immediate care gaps affecting individuals, link information to appropriate care providers, perform health system quality assurance, and analyze data for emerging trends.
BORN Ontario posted on its website that the personal health information that was copied was collected from a large network of mostly Ontario healthcare facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.
After becoming aware of the incident on May 31, 2023, BORN posted a public notice on its website about the incident and notified relevant authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.
An in-depth analysis revealed that the files copied during the breach contained the personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023.
“Data privacy is paramount to everything we do at BORN. We began working with cybersecurity experts immediately to isolate the affected computer server, contain the threat, investigate the full scope of the incident, and to ensure our systems were safe to continue our operations. While attacks on third-party software are difficult to prevent, we’ve taken additional measures to further strengthen our security controls to limit the potential for this type of incident happening again.” said BORN Ontario
“At this time, there is no evidence that any of the copied data has been misused for any fraudulent purposes. We continue to monitor the internet, including the dark web, for any activity related to this incident and have found no sign of BORN’s data being posted or offered for sale. There are no additional steps you need to take.”
For specific details about the incident, and to find out if your or someone in your family’s information may have been impacted, please visit the BORN Ontario website www.bornincident.ca
More Stories
South Grenville Rangers Lost 6-1 to St-Isidore Eagles on Friday in NCJHL
Aeros Won One & Lost Won in EOJHL Action Over Weekend
B&E Suspects Arrested in the Act on Sunday in Brockville