ontario data breach

An Ontario healthcare network was just breached by hack and here's what you need to know

A network containing the personal health data of millions of people in Ontario has been hacked, compromising a decade's worth of medical records.

The privacy breach was reported by the Better Outcomes Registry and Network (BORN), which collects pregnancy, birth and early childhood information from all birthing hospitals in the province for the sake of research and policy planning to enhance care.

Funded by the Ministry of Health and overseen by the Children's Hospital of Eastern Ontario, the network considers itself a database of "the most extensive maternal-child health information in the world" garnered from healthcare practitioners across the province.

However, this information was put in the hands of an unauthorized third party that managed to gain access to MoveIt, a file transfer app that BORN and countless other companies use.

The network is just one of the numerous organizations affected by the mass attack, along with hundreds of universities, multiple life insurance companies, two U.S. state retirement systems, and anyone with an Oregon driver's license, among others.

And, last year, approximately 100,000 people in Nova Scotia had their social insurance numbers, banking information, addresses and more stolen in a hack of the same software.

"An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people — mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023," BORN wrote in a statement about the crime on Monday.

"The personal health information that was copied was collected from a large network of mostly Ontario healthcare facilities and providers regarding fertility, pregnancy, newborn and child healthcare."

The group has reassured residents that it does not believe any of the data copied has been used for the purposes of fraud at this time, but they are continuing to monitor the web for any suspicious activity.

Up to this point, the network has ironically prided itself on its security, operating under the province's Personal Health Information Protection Act with the authority to "collect, use and disclose personal health information, without consent, for the purpose of facilitating or improving the provision of health care."

"BORN Ontario is proud to be a trusted steward of personal health information," their website states.

"[We] have implemented a rigorous program to protect personal health information from theft, loss, unauthorized access, copying, modification, use, disclosure and disposal... the registry’s information practices and procedures are approved by the Information and Privacy Commissioner of Ontario every three years."

The incident follows similar data breaches experienced by Air Canada, the LCBO and others in the last few weeks alone.

Lead photo by

 Michael Muraz Photography


Latest Videos



Latest Videos


Join the conversation Load comments

Latest in City

Doug Ford just got even tougher on Ontario bike lanes with new measures

Toronto's $27 billion Ontario Line just crossed its biggest construction milestone so far

Rare Canadian gold coin sells for over $1.5 million

Toronto ranked among the top 100 best cities in the world for 2025

A full list of all the items included in Canada's holiday GST cut

Liquid soap sold at stores across Canada recalled due to contamination

Canadians to get GST cut on groceries and new $250 rebate ahead of holidays

Snow is finally coming to southern Ontario and here's when it will hit