Medical Data of 1 Million New Zealanders Potentially Exposed in Health System Breach

Medical Data of 1 Million New Zealanders Potentially Exposed in Health System Breach

The health organization realized during an investigation of an August breach that its systems had been breached several times prior to the known attack.

A data breach at a primary health organization, or PHO, in New Zealand may have led to the exposure of the medical data of about 1 million people. 

Tū Ora Compass Health, which had its systems and website hacked in August, is now revealing the potential ramifications of data breaches going back from 2016 to March 2019, TechRadar reported

The full scale of the PHO’s cybersecurity issues was revealed as part of its investigation of the August breach. A statement from Tū Ora said that the organization is not sure if patient data was compromised or even accessed by an outside group. 

“Despite careful investigation, we cannot say for certain whether or not the cyber attacks resulted in any individual patient information being accessed. It is likely we will never know," the statement said. 

While the PHO oversees an area with a population of 648,000 people, the number of patients with exposed data goes into the millions because Tū Ora maintains data going back to 2002. Some of that data included names, ages, ethnicities and addresses in addition to more personal medical information, including smoking status, immunizations and more. 

The New Zealand health ministry has been notified of the cyber attack, and all PHOS and health boards in the country were ordered to review their “external facing” cyber security by Oct. 8, according to The Dominion Post, a New Zealand news site. Tū Ora said it will move to a more “modern” and secure infrastructure with Microsoft Azure. 

“The new Tū Ora Microsoft Azure environment will be fully secured, with a defense in depth approach to protecting all our electronic assets,” the organization said. 

Jonathan Deveaux, the head of enterprise data protection at comforte AG, said that the case showed that the PHO did not appear to have encryption protections on the data itself and left it in clear text form. 

“It’s a good thing that no payment info, tax numbers, passport numbers, nor driver’s license numbers were on the server; otherwise, those data elements would have been exposed as well,” Deveaux said. “It seems there may be some technology and business leaders who are still accepting the risk that their data is of no interest to hackers, or their business model is unattractive for threat-actors to access. The PHO data breach, and many other breaches reported, proves that this is not the case.”

 

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Survey: Less Than Half of IT Leaders are Confident in their IoT Security Plans

    Viakoo recently released findings from its 2024 IoT Security Crisis: By the Numbers. The survey uncovers insights from IT and security executives, exposes a dramatic surge in enterprise IoT security risks, and highlights a critical missing piece in the IoT security technology stack. The clarion call is clear: IT leaders urgently need to secure their IoT infrastructure one application at a time in an automated and expeditious fashion. Read Now

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3