News

One million New Zealanders Have Data Compromised in Healthcare Breach

Giulio Saggin
Giulio Saggin
Tuesday, 28 November 2023

Around one million New Zealanders had their data compromised by a security breach at one of NZ's Primary Health Organisations (PHOs*), Tū Ora Compass Health.

According to a statement released by Tū Ora, the PHO's website was "attacked as part of a global cyber incident" on August 5, at which time the PHO took its server offline and strengthened their IT security, while starting an in-depth investigation.

"The investigation has found previous cyber attacks dating from 2016 to early March 2019," said Tū Ora. "We don't know the motive behind the attacks (and) have laid a formal complaint with Police ... they are investigating."

Tū Ora holds patient data going back to 2002, from the greater Wellington, Wairarapa and Manawatu regions, an area with a population of around 650,000 people (NZ's population: 4.8 million). Taking into account former patients who have moved away from the area, or are deceased, that number increases to nearly one million.

The affected data included names of those enrolled at medical centres, their National Health Index Number, name, date of birth, ethnicity and address. Other information such as financial details (bank/credit card numbers) and passport, tax and driver license numbers wasn't compromised in the breach.

Tū Ora Chief Executive Martin Hefford apologised for the inciddent and confirmed the PHO has moved its public websites to a new platform and strengthened its security measures by, among others, "enhancing its anti-virus and email scanning software, implementing a Security Incident and Event Management system, as well as a Web Application Firewall, and establishing a Security Operations Centre for real time monitoring and resolution of cyber threats."

The PHO is also moving to a fully secured "Microsoft Azure environment".

*PHOs are funded by district health boards and provide primary health care services to those enrolled with the PHO.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203