New Zealand Breach May Affect 1 MillionHealth Data Breach Could Have Started as Early as 2016
Officials in New Zealand are investigating one or more data breaches at a healthcare provider that could have affected nearly 1 million patients, the Ministry of Health says. While the most recent cyber intrusion was discovered in August, it appears that attackers began accessing the Tū Ora Compass Health network as early as 2016 and continued until March of this year, authorities say.
Tū Ora, which provides primary care services to patients in several regions of New Zealand, first discovered a possible breach on Aug. 5, although the incident was not announced by authorities until Saturday.
"We cannot say for certain whether the cyberattacks resulted in any patient information being accessed," says Martin Hefford, CEO at Tū Ora. "Experts say it is likely we will never know. However, we have to assume the worst and that is why we are informing people."
In addition to New Zealand's Ministry of Health, local police and the country's National Cyber Security Center are also investigating the cyber incident.
“We are devastated that we weren’t able to keep people’s information safe,” Hefford says. “While this was illegal and the work of cybercriminals, it was our responsibility to keep people’s data safe and we’ve failed to do that.”
On Aug. 5, an unidentified attacker hacked and defaced the company's website as part of a larger cyber campaign, Tū Ora reports. Following that incident, the organization’s IT and security teams took several servers offline as part of the clean-up effort. They then discovered that some patient data may have been accessed.
Data potentially exposed includes, name, address, date of birth, ethnicity and unique national health index number, the organzation says.
Tū Ora outlined the remediation steps it is taking, which provide clues to just how vulnerable it may have been.
Part of the remediation plan includes moving Tū Ora’s website to a new platform. It is also installing a security incident and event monitoring platform and a web application firewall. And it plans to implement a security operations center.
“We are also part way through a planned movement to more modern, more secure infrastructure using Microsoft Azure,” it says. “The new Tū Ora Microsoft Azure environment will be fully secured, with a defense-in-depth approach to protecting all our electronic assets."
Microsoft’s platform will also allow Tū Ora to use device and application security tools, data loss prevention and full data encryption, it says. Tū Ora says the migration should be complete by April.
More broadly, the Ministry of Health says it is undertaking a review to ensure that the websites of public health organizations and district health boards are secure and don’t divulge patient data, Radio New Zealand reports.
In another recent incident in the region, medical facilities and hospitals across the state of Victoria in Australia sustained what appears to have been a ransomware attack (see: Australian Medical Facilities Hit by Ransomware).
The ransomware infected facilities in two large health networks: the Gippsland Health Alliance and the South West Rural Health Alliance.
(Managing Editor Jeremy Kirk contributed to this story.)