ontario data breach

An Ontario healthcare network was just breached by hack and here's what you need to know

A network containing the personal health data of millions of people in Ontario has been hacked, compromising a decade's worth of medical records.

The privacy breach was reported by the Better Outcomes Registry and Network (BORN), which collects pregnancy, birth and early childhood information from all birthing hospitals in the province for the sake of research and policy planning to enhance care.

Funded by the Ministry of Health and overseen by the Children's Hospital of Eastern Ontario, the network considers itself a database of "the most extensive maternal-child health information in the world" garnered from healthcare practitioners across the province.

However, this information was put in the hands of an unauthorized third party that managed to gain access to MoveIt, a file transfer app that BORN and countless other companies use.

The network is just one of the numerous organizations affected by the mass attack, along with hundreds of universities, multiple life insurance companies, two U.S. state retirement systems, and anyone with an Oregon driver's license, among others.

And, last year, approximately 100,000 people in Nova Scotia had their social insurance numbers, banking information, addresses and more stolen in a hack of the same software.

"An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people — mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023," BORN wrote in a statement about the crime on Monday.

"The personal health information that was copied was collected from a large network of mostly Ontario healthcare facilities and providers regarding fertility, pregnancy, newborn and child healthcare."

The group has reassured residents that it does not believe any of the data copied has been used for the purposes of fraud at this time, but they are continuing to monitor the web for any suspicious activity.

Up to this point, the network has ironically prided itself on its security, operating under the province's Personal Health Information Protection Act with the authority to "collect, use and disclose personal health information, without consent, for the purpose of facilitating or improving the provision of health care."

"BORN Ontario is proud to be a trusted steward of personal health information," their website states.

"[We] have implemented a rigorous program to protect personal health information from theft, loss, unauthorized access, copying, modification, use, disclosure and disposal... the registry’s information practices and procedures are approved by the Information and Privacy Commissioner of Ontario every three years."

The incident follows similar data breaches experienced by Air Canada, the LCBO and others in the last few weeks alone.

Lead photo by

 Michael Muraz Photography


Latest Videos



Latest Videos


Join the conversation Load comments

Latest in City

Huge TTC parking lot in Toronto about to close forever ahead of redevelopment

Justin Trudeau pledges to save Toronto's Santa Claus Parade

Closure-plagued Toronto streetcar line is finally back in full force

Olivia Chow is going to war with Doug Ford over controversial new bill

Over 55,000 Canada Post workers now on strike and here's how it'll affect you

Here are some Canadian government jobs based in Ontario that pay very well

University of Toronto named among world's best in another category

Toronto plans to install signs blaming Doug Ford for traffic