DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Rouge Valley privacy breach bigger than originally thought (updated)

Posted on August 27, 2014 by Dissent

A breach at Rouge Valley Centenary that involved the contact information of 8,300 new mothers possibly being sold by two employees to multiple Registered Education Savings Plan (RESP) companies may also have affected new mothers at Rouge Valley Health System’s (RVHS) Ajax and Pickering site as well.

It is not clear, however, whether the same two employees were responsible.  CP24 has the update.

In June, a $412 million potential class action lawsuit was filed against Rouge Valley Centenary.

On August 8, RVHS posted a notice to patients on its website, linked from the home page:

Notice to patients of the Rouge Valley Centenary Birthing Centre unit between November 2009 and early July 2014, and Rouge Valley Ajax and Pickering Maternal and Newborn Services unit between April 2014 and early July 2014

In compliance with section 12(2) of the Personal Health Information Protection Act, this notice is to notify the above noted patients of a privacy breach which was confirmed in early July 2014.

For some time, the hospital’s birthing centres offered baby photography services through Just Arrived Baby Photography (the photographer). The photography service has been in place at our Rouge Valley Centenary (RVC) campus since November 2009 and at the Rouge Valley Ajax and Pickering (RVAP) campus since April 2014. We have recently learned that instead of simply receiving the name and room number of new mothers to determine whether new mothers would like to receive the photography services offered, the photographer was provided with a list daily which contained patient name, room number, age, gender, physician name, length of stay in hospital, type of diet (RVAP only), type of room accommodation in hospital (RVC only) and reason for admission to hospital (RVC only).

The list was only used to approach new mothers in the hospital to offer photography services. It was not used for any other purpose and it was not provided to any third party. The list never left the hospital, and it was shredded by the photographer.

The hospital takes privacy protection very seriously and sincerely regrets this breach of privacy. We are conducting a review of our practices to ensure that privacy is protected. The Information & Privacy Commissioner/Ontario has also been notified.

If you would like to discuss this matter or you have any questions, please do not hesitate to contact our Patient Relations office at [email protected] or call 416-284-8131 ext. 4742.

The notice is somewhat puzzling as it seems to say an external breach didn’t happen via the photography service, but it doesn’t explain what did happen or how the external breach occurred.

Update: Toronto Star reports that the second location had 6,000 patients affected.

Category: Uncategorized

Post navigation

← MD: Ride On officials investigate potential passenger privacy breach
UT: Alta Sports Center changes policies after carpool van is stolen →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand
  • UK: Post Office to compensate hundreds of data leak victims
  • How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
  • Cocospy stalkerware apps go offline after data breach
  • Ex-NSA bad-guy hunter listened to Scattered Spider’s fake help-desk calls: ‘Those guys are good’
  • Former Sussex Police officer facing trial for rape charged with 18 further offences relating to computer misuse
  • Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy
  • Fresno County fell victim to $1.6M phishing scam in 2020. One suspected has been arrested, another has been indicted.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law
  • Montana Becomes First State to Close the Law Enforcement Data Broker Loophole
  • Privacy enforcement under Andrew Ferguson’s FTC

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.