Canada’s Rouge Valley Centenary Hospital recently acknowleged that two former hospital employees had leaked as many as 8,300 patients’ personal information to outside companies.
Hospital spokesman David Brazeau told the Toronto Star that the patients’ names, addresses and phone numbers were sold to private companies selling Registered Education Savings Plans (RESPs).
“We’ve apologized and informed as many patients as we could,” Brazeau said. “It’s something that should not have occurred.”
Most of those affected were new mothers who gave birth at the hospital between 2009 and 2013.
Theeban Nanthakumar, whose wife gave birth to three daughters at the hospital between 2010 and 2013, told the Toronto Star he was inundated with calls from marketers following the breach.
Brazeau said the breach was first uncovered in October of 2013 when one of the employees involved came forward. The second employee’s involvement wasn’t discovered until March 2014.
“Patient care and privacy are of utmost importance to the hospital,” Brazeau said. “We’re going to take this as a way to improve what we do, so this kind of thing can be prevented.”