BORN Ontario provides update on cybersecurity incident
OTTAWA, September 25, 2023 — The Better Outcomes Registry & Network (BORN) Ontario, today, is providing an update on the cybersecurity incident that it experienced on May 31.
The incident was the result of the international breach of a vulnerability in the MOVEit file transfer software. BORN Ontario used the MOVEit software to transfer information in its possession to authorized care and research partners. As a result of the incident, unauthorized parties were able to copy certain files from one of BORN’s servers. Data in the copied files included personal health information collected from primarily Ontario fertility, pregnancy, and child health care providers. These providers regularly contribute critical health information to the BORN Ontario perinatal and child health registry, pursuant to the authority afforded to BORN in the Personal Health Information Protection Act (PHIPA).
An in-depth analysis revealed that the copied files included personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario.
Individuals are likely impacted by this privacy breach if they:
- Gave birth or have a child born in Ontario between April 2010 and May 2023.
- Received pregnancy care in Ontario between January 2012 and May 2023.
- Had in-vitro fertilization or egg banking in Ontario between January 2013 and May 2023.
Data privacy is paramount to everything we do at BORN Ontario. We began working with cybersecurity experts immediately after discovering this incident to understand its full scope and to ensure our systems were safe. The MOVEit software is no longer in use at BORN. We reported the incident to the Office of the Information and Privacy Commissioner of Ontario, and they are reviewing the matter. At this time, there is no evidence that any of the data copied from BORN’s systems has been misused for any fraudulent purposes. We have engaged experts to monitor the dark web for any activity related to this incident. BORN does not collect, and the incident did not include, any of the following types of information typically sought by cybercriminals for use in fraudulent activity like identify theft:
- Credit card, banking, or financial information
- Social insurance numbers
- OHIP version codes, expiry dates, or 9-digit security number on the back of the card
- Patient email addresses or passwords
For specific details about the incident, and to find out if your or a family member’s information may have been affected, please visit bornincident.ca.
“Our work helps us learn how the care we provide today affects our health tomorrow. We want Ontario to be one of the safest places in the world to have a baby and to provide the best possible beginnings for lifelong health,” said Alicia St.Hill, Executive Director, BORN Ontario. “We deeply apologize for this incident and are treating this matter with the utmost concern. While attacks on third-party software are difficult to prevent, we have taken measures to further strengthen our security controls to prevent this type of incident from happening again.
Please visit bornincident.ca for more details.
About BORN Ontario
The Better Outcomes Registry & Network (BORN) Ontario is a prescribed perinatal and child registry funded by Ontario’s Ministry of Health. Care and outcomes during pregnancy, birth, and throughout childhood are closely linked, and among some of the most important healthcare events in individuals’ lives. BORN collects data from healthcare providers, labs, and hospitals that provide insights into pregnancy and newborn care. BORN links and analyzes this data before packaging it into information that healthcare providers use to improve care, guide clinical decision making, and power research. The results are a better healthcare system providing improved healthcare experiences for you and your children.
About BORN Ontario’s Information Uses
Like other similar registries around the world, the robust healthcare information that BORN collects and analyzes allows it to act as a safety net. BORN identifies gaps in care and offers important feedback on child and women’s healthcare quality. Some of the clinical and health system benefits enabled by BORN include:
- Identification of newborns who may not have been offered screening for 30+ rare and life-altering diseases at birth. BORN shares that information with partners who perform critical, timely, follow-up.
- Improved awareness and accuracy of prenatal screening tests so that pregnant women and individuals, as well as their partners, can benefit from the right information.
- Timely feedback to hospitals that has led to reduced C-section rates and other performance benchmarks that help to drive care best practices.
- Rich analysis used in decision making by clinicians and program leaders about the outcomes of patients who use, and pregnancies that result from, in-vitro fertilization treatments.
- Individualized feedback and support to ultrasound technicians on the accuracy of their prenatal scan measurements used to detect serious conditions so that families and care providers can be confident in the results.