Telephone numbers, dates of birth, addresses and names of not only mothers but also their infants were sold as well.
Employees of medical facilities in Toronto sold data on 8300 patients to commercial companies at Toronto's Rouge Valley Hospital from 2010 to 2014. As Zecurion Analytics representatives reported the data belonged to young mothers, while staying at the hospital.
Moreover, addresses, telephone numbers, dates of birth, names of not only patients, but also their infants were sold.
As for the buyers they were commercial companies that provide "services for the management of savings accounts for children's education (RESP- accounts)."
As a consequence, new parents received a lot of calls and messages, where services for opening and maintaining RESP-accounts were offered. It is known that the Office of the Information and Privacy Commissioner and the Ontario Securities Commission are both investigating the affair.
The hospital launched an internal investigation and in December sent letters to 7,600 patients who may have been affected and after a two-month investigation, the hospital sent letters to a further 699 patients in May.
"As a rule, it is paid special attention to such cases in the west. If the investigation reveals that the leak occurred due to insufficient attention to the protection of personal information, the hospital can be punished in fines up to several millions of dollars", Alexander Kovalev, Zecurion CEO deputy said.