BORN agency suffers cybersecurity attack
September 27, 2023
TORONTO – An Ontario government agency that manages data about pregnancy and newborn children in the province says the personal health information of about 3.4 million people was impacted by a data breach. The Better Outcomes Registry & Network (BORN) said in an update on Monday that the May 31 cybersecurity incident was linked to the global privacy breach of the file transfer system MoveIt – the same software that exposed the personal information of some 100,000 Nova Scotians last spring.
“As a result of the incident, unauthorized parties were able to copy certain files from one of BORN’s servers. Data in the copied files included personal health information collected from primarily Ontario fertility, pregnancy, and child health care providers,” the registry wrote in a news release.
Anyone who gave birth between April 2010 and May 2023 is “likely” affected by the breach, BORN said.
Individuals who received pregnancy care between January 2012 and May 2023 are also likely affected as are those who had in-vitro fertilization (IVF) or egg banking in Ontario between January 2013 and May 2023.
BORN said that it does not collect banking details, social insurance numbers, OHIP version codes or security numbers, or patient emails addresses or passwords. As such, BORN said, those details were not included in the incident.
“At this time, there is no evidence that any of the data copied from BORN’s systems has been misused for any fraudulent purposes. We have engaged experts to monitor the dark web for any activity related to this incident,” according to the agency.
BORN said that it began working with cybersecurity experts “immediately” after it discovered the incident and reported it to the Office of the Information and Privacy Commissioner of Ontario, which it says is currently investigating the breach.
As a result of the breach, BORN said that MoveIt software is no longer used in its systems.
“We deeply apologize for this incident and are treating this matter with the utmost concern. While attacks on third-party software are difficult to prevent, we have taken measures to further strengthen our security controls to prevent this type of incident from happening again,” BORN Ontario’s executive director, Alicia St.Hill (pictured), said in a statement.
Funded by Ontario’s Ministry of Health, BORN Ontario collects data from healthcare providers, labs, and hospitals that provide insights into pregnancy and newborns in the province to improve care and guide clinical decision making.