Medical Data of 1 Million New Zealanders Potentially Exposed in Health System Breach -- Security Today

Medical Data of 1 Million New Zealanders Potentially Exposed in Health System Breach

The health organization realized during an investigation of an August breach that its systems had been breached several times prior to the known attack.

By Haley Samsel
Oct 14, 2019

A data breach at a primary health organization, or PHO, in New Zealand may have led to the exposure of the medical data of about 1 million people.

Tū Ora Compass Health, which had its systems and website hacked in August, is now revealing the potential ramifications of data breaches going back from 2016 to March 2019, TechRadar reported.

The full scale of the PHO’s cybersecurity issues was revealed as part of its investigation of the August breach. A statement from Tū Ora said that the organization is not sure if patient data was compromised or even accessed by an outside group.

“Despite careful investigation, we cannot say for certain whether or not the cyber attacks resulted in any individual patient information being accessed. It is likely we will never know," the statement said.

While the PHO oversees an area with a population of 648,000 people, the number of patients with exposed data goes into the millions because Tū Ora maintains data going back to 2002. Some of that data included names, ages, ethnicities and addresses in addition to more personal medical information, including smoking status, immunizations and more.

The New Zealand health ministry has been notified of the cyber attack, and all PHOS and health boards in the country were ordered to review their “external facing” cyber security by Oct. 8, according to The Dominion Post, a New Zealand news site. Tū Ora said it will move to a more “modern” and secure infrastructure with Microsoft Azure.

“The new Tū Ora Microsoft Azure environment will be fully secured, with a defense in depth approach to protecting all our electronic assets,” the organization said.

Jonathan Deveaux, the head of enterprise data protection at comforte AG, said that the case showed that the PHO did not appear to have encryption protections on the data itself and left it in clear text form.

“It’s a good thing that no payment info, tax numbers, passport numbers, nor driver’s license numbers were on the server; otherwise, those data elements would have been exposed as well,” Deveaux said. “It seems there may be some technology and business leaders who are still accepting the risk that their data is of no interest to hackers, or their business model is unattractive for threat-actors to access. The PHO data breach, and many other breaches reported, proves that this is not the case.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

The Future of Access Control: Cloud-Based Solutions for Safer Workplaces
- Access Control
A Look at AI

Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now
- Artificial Intelligence
First, Do No Harm: Responsibly Applying Artificial Intelligence

It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now
- Artificial Intelligence
Improve Incident Response With Intelligent Cloud Video Surveillance

Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now
- IP Video
Security Today Announces 2025 CyberSecured Award Winners

Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”