A massive cyberattack that left the health data of mothers, newborn babies and parents seeking fertility treatment exposed could have been entirely prevented if more protective measures had been put in place, according to Canadian security experts.
The Better Outcomes Registry & Network (BORN) on Monday revealed that 3.4 million people — mostly those seeking pregnancy care and newborns who were born in Ontario — had their personal health information compromised in May.
“This is appalling,” said Ann Cavoukian, Ontario’s former information and privacy commissioner. “The personal health information that was copied was collected from a large network of mostly Ontario health-care facilities.”
If BORN had de-identified the data by stripping personal details such as names, health care numbers and addresses, it would have provided the “strongest protection” in the event of a data breach, she said.
“They didn’t say that they de-identified the data and that’s the very least they should have done,” Cavoukian added.
The health-care information that was stolen may have included data such as names, addresses, date of birth, health card number (with no version code), lab results from screening and diagnostic testing, pregnancy risk factors, type of birth and procedures and birth outcomes, BORN said in a statement posted Monday.
As of publication time, there was no searchable database or clear way for the public to definitively find out if their information was compromised.
BORN, an agency funded by the province, is responsible for gathering data related to pregnancies and births within Ontario. On Monday, it said a cybersecurity breach on May 31, 2023, had led to the exposure of data concerning 1.4 million people seeking pregnancy care and 1.9 million infants born