The Information Highway

The Information Highway

Font size: +
2 minutes reading time (438 words)

SickKids impacted by BORN Ontario data breach that hit 3.4 million

The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. 

The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care."

The BORN Ontario data breach that impacted 3.4 million people was caused by the exploitation of well-known zero-day vulnerability (CVE-2023-34362) in Progress MOVEIt Transfer software. 

SickKids also hit by BORN Ontario breach

On Monday, September 25th, SickKids disclosed that it is "among the many Ontario healthcare providers" that share sensitive health information with BORN Ontario, a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario.

Since BORN Ontario was a victim of a security incident that affected 3.4 million people, as BleepingComputer reported yesterday, SickKids warns that its patients and associates may also have been affected.

"We are among the many Ontario healthcare providers that share personal health information with BORN Ontario related to pregnancy, birth and newborn care – important healthcare encounters that can affect lifelong health," states SickKids in its disclosure.

"BORN collects data from healthcare providers pursuant to the authority afforded to it in the Personal Health Information Protection Act (PHIPA). BORN Ontario uses this information to identify immediate care gaps affecting individuals, link information to appropriate care providers, perform health system quality assurance, and analyze data for emerging trends."

Exposed data of those impacted by the BORN Ontario data breach included, at a minimum:

  • Full name
  • Home address
  • Postal code
  • Date of birth
  • Health card number

Depending on the type of care received by BORN, the exposed data may also have included:

  • Dates of service/care,
  • Lab test results,
  • Pregnancy risk factors,
  • Type of birth,
  • Procedures,
  • Pregnancy and birth outcomes

BORN has created a web page with details about the impact the incident has on its patients and who is likely affected by the data theft.

Without revealing additional details about how many SickKids patients and associates were affected, the hospital also directed parties to visit BORN's aforementioned webpage, to find out if they have been impacted. 

It is worth noting, SickKids may not be the only hospital to be affected by the BORN Ontario security incident, and similar such disclosures may be forthcoming from other healthcare providers in the upcoming weeks.

December last year, SickKids was hit by the LockBit ransomware group, who later apologized—blaming the erroneous act of targeting a medical facility on an affiliate, and offered the hospital a "free decryptor."

Windows 11 23H2 now rolling out to Release Preview...
Fake celebrity photo leak videos flood TikTok with...
 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023