ITP Techblog

Brought to you by IT Professionals NZ
« Back to Health IT

Primary Health Org in massive data breach

Paul Brislen, Editor. 07 October 2019, 6:36 am

The Ministry of Health is reminding health care providers that as well as having a duty of care to patients, these organisations have a duty of care to their data as well.

The call comes after Wellington, Kāpiti, and Wairarapa's primary health organisation (PHO) Tū Ora Compass Health confirmed a massive data breach that could affect up to one million New Zealanders.

The Ministry has required all Primary Health Organisations and District Health Boards (DHB) to review their cyber security and report back by to the Ministry October 8.

The breach is still under investigation but it is believed no doctors' notes were involved, however the breach does include personally identifying information (PII) such as names, ages, ethnicities, and addresses.

Tū Ora Compass Health provides data services to Think Hauora and patient services to Cosine, Te Awakairangi Health Network and Ora Toa. The attack was initially thought to affect the PHO's website, which was defaced in August, but subsequent investigations show a series of breaches dating back to 2016 involving data dating back to 2002.

"Tū Ora holds data on individuals dating back to 2002, from the greater Wellington, Wairarapa and Manawatu regions.  Anyone who was enrolled with a medical centre in that period could potentially be affected. 

"Tū Ora does not hold your GP notes, these are held by individual medical centres.  This means the notes made on consultations you have had with your GP are not at risk of being illegally accessed through this cyber attack," says the PHO in a statement on its website.


You must be logged in in order to post comments. Log In

Web Development by The Logic Studio