DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Rouge Valley privacy breach bigger than originally thought (updated)

Posted on August 27, 2014 by Dissent

A breach at Rouge Valley Centenary that involved the contact information of 8,300 new mothers possibly being sold by two employees to multiple Registered Education Savings Plan (RESP) companies may also have affected new mothers at Rouge Valley Health System’s (RVHS) Ajax and Pickering site as well.

It is not clear, however, whether the same two employees were responsible.  CP24 has the update.

In June, a $412 million potential class action lawsuit was filed against Rouge Valley Centenary.

On August 8, RVHS posted a notice to patients on its website, linked from the home page:

Notice to patients of the Rouge Valley Centenary Birthing Centre unit between November 2009 and early July 2014, and Rouge Valley Ajax and Pickering Maternal and Newborn Services unit between April 2014 and early July 2014

In compliance with section 12(2) of the Personal Health Information Protection Act, this notice is to notify the above noted patients of a privacy breach which was confirmed in early July 2014.

For some time, the hospital’s birthing centres offered baby photography services through Just Arrived Baby Photography (the photographer). The photography service has been in place at our Rouge Valley Centenary (RVC) campus since November 2009 and at the Rouge Valley Ajax and Pickering (RVAP) campus since April 2014. We have recently learned that instead of simply receiving the name and room number of new mothers to determine whether new mothers would like to receive the photography services offered, the photographer was provided with a list daily which contained patient name, room number, age, gender, physician name, length of stay in hospital, type of diet (RVAP only), type of room accommodation in hospital (RVC only) and reason for admission to hospital (RVC only).

The list was only used to approach new mothers in the hospital to offer photography services. It was not used for any other purpose and it was not provided to any third party. The list never left the hospital, and it was shredded by the photographer.

The hospital takes privacy protection very seriously and sincerely regrets this breach of privacy. We are conducting a review of our practices to ensure that privacy is protected. The Information & Privacy Commissioner/Ontario has also been notified.

If you would like to discuss this matter or you have any questions, please do not hesitate to contact our Patient Relations office at [email protected] or call 416-284-8131 ext. 4742.

The notice is somewhat puzzling as it seems to say an external breach didn’t happen via the photography service, but it doesn’t explain what did happen or how the external breach occurred.

Update: Toronto Star reports that the second location had 6,000 patients affected.

Related posts:

  • Ca: Rouge Valley Hospital employee involved in privacy breach charged by Securities Commission
  • When a Patient’s Death is Broadcast Without Permission
Category: Uncategorized

Post navigation

← MD: Ride On officials investigate potential passenger privacy breach
UT: Alta Sports Center changes policies after carpool van is stolen →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.