Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

New Zealand Breach May Affect 1 Million

Health Data Breach Could Have Started as Early as 2016
New Zealand Breach May Affect 1 Million

Officials in New Zealand are investigating one or more data breaches at a healthcare provider that could have affected nearly 1 million patients, the Ministry of Health says. While the most recent cyber intrusion was discovered in August, it appears that attackers began accessing the Tū Ora Compass Health network as early as 2016 and continued until March of this year, authorities say.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

Tū Ora, which provides primary care services to patients in several regions of New Zealand, first discovered a possible breach on Aug. 5, although the incident was not announced by authorities until Saturday.

"We cannot say for certain whether the cyberattacks resulted in any patient information being accessed," says Martin Hefford, CEO at Tū Ora. "Experts say it is likely we will never know. However, we have to assume the worst and that is why we are informing people."

In addition to New Zealand's Ministry of Health, local police and the country's National Cyber Security Center are also investigating the cyber incident.

“We are devastated that we weren’t able to keep people’s information safe,” Hefford says. “While this was illegal and the work of cybercriminals, it was our responsibility to keep people’s data safe and we’ve failed to do that.”

Breach Details

On Aug. 5, an unidentified attacker hacked and defaced the company's website as part of a larger cyber campaign, Tū Ora reports. Following that incident, the organization’s IT and security teams took several servers offline as part of the clean-up effort. They then discovered that some patient data may have been accessed.

Data potentially exposed includes, name, address, date of birth, ethnicity and unique national health index number, the organzation says.

Tū Ora outlined the remediation steps it is taking, which provide clues to just how vulnerable it may have been.

Part of the remediation plan includes moving Tū Ora’s website to a new platform. It is also installing a security incident and event monitoring platform and a web application firewall. And it plans to implement a security operations center.

“We are also part way through a planned movement to more modern, more secure infrastructure using Microsoft Azure,” it says. “The new Tū Ora Microsoft Azure environment will be fully secured, with a defense-in-depth approach to protecting all our electronic assets."

Microsoft’s platform will also allow Tū Ora to use device and application security tools, data loss prevention and full data encryption, it says. Tū Ora says the migration should be complete by April.

More broadly, the Ministry of Health says it is undertaking a review to ensure that the websites of public health organizations and district health boards are secure and don’t divulge patient data, Radio New Zealand reports.

In another recent incident in the region, medical facilities and hospitals across the state of Victoria in Australia sustained what appears to have been a ransomware attack (see: Australian Medical Facilities Hit by Ransomware).

The ransomware infected facilities in two large health networks: the Gippsland Health Alliance and the South West Rural Health Alliance.

(Managing Editor Jeremy Kirk contributed to this story.)

About the Author

Akshaya Asokan

Akshaya Asokan

Consultant Editor, ISMG

Asokan is a consultant editor for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.