sickkids

The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario.

The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care."

The BORN Ontario data breach that impacted 3.4 million people was caused by the exploitation of well-known zero-day vulnerability (CVE-2023-34362) in Progress MOVEIt Transfer software.

Wiz

SickKids also hit by BORN Ontario breach

On Monday, September 25th, SickKids disclosed that it is "among the many Ontario healthcare providers" that share sensitive health information with BORN Ontario, a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario.

Since BORN Ontario was a victim of a security incident that affected 3.4 million people, as BleepingComputer reported yesterday, SickKids warns that its patients and associates may also have been affected.

"We are among the many Ontario healthcare providers that share personal health information with BORN Ontario related to pregnancy, birth and newborn care – important healthcare encounters that can affect lifelong health," states SickKids in its disclosure.

"BORN collects data from healthcare providers pursuant to the authority afforded to it in the Personal Health Information Protection Act (PHIPA). BORN Ontario uses this information to identify immediate care gaps affecting individuals, link information to appropriate care providers, perform health system quality assurance, and analyze data for emerging trends."

Exposed data of those impacted by the BORN Ontario data breach included, at a minimum:

  • Full name
  • Home address
  • Postal code
  • Date of birth
  • Health card number

Depending on the type of care received by BORN, the exposed data may also have included:

  • Dates of service/care,
  • Lab test results,
  • Pregnancy risk factors,
  • Type of birth,
  • Procedures,
  • Pregnancy and birth outcomes

BORN has created a web page with details about the impact the incident has on its patients and who is likely affected by the data theft.

Without revealing additional details about how many SickKids patients and associates were affected, the hospital also directed parties to visit BORN's aforementioned webpage, to find out if they have been impacted.

It is worth noting, SickKids may not be the only hospital to be affected by the BORN Ontario security incident, and similar such disclosures may be forthcoming from other healthcare providers in the upcoming weeks.

December last year, SickKids was hit by the LockBit ransomware group, who later apologized—blaming the erroneous act of targeting a medical facility on an affiliate, and offered the hospital a "free decryptor."

tines

Break down IAM silos like Bitpanda, KnowBe4, and PathAI

Broken IAM isn't just an IT problem - the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.

Related Articles:

Freedom Mobile discloses data breach exposing customer data

SonicWall says state-sponsored hackers behind September security breach

Korean Air data breach exposes data of thousands of employees

Coupang to split $1.17 billion among 33.7 million data breach victims

Hacker claims to leak WIRED database with 2.3 million records