- About a million New Zealanders have had their data exposed and possibly accessed by hackers.
- The breached organization discovered the old breach only recently, following a defacing attack.
- People are advised to stay calm, as little about the extent of the incident is known yet.
According to an announcement by the Tū Ora Compass Health organization, approximately one million New Zealanders have had their sensitive medical data accessed by an unauthorized party quite a while back. The Wellington-based health organization has revealed that anyone who enrolled in one of their medical centers between 2002 and 2019 could have been affected by the data breach. The extent of the incident is so large that the organization has trouble ascertaining specific key aspects around it. For example, the Manawatū PHO THINK Hauora may or may not have been affected, and the one million citizens is a rough estimate right now that may be far from the actual truth.
Similarly, while the servers of Tū Ora have definitely been accessed, whether or not the actors touched any patient data remains unknown. The information that could have been downloaded from these servers includes full names, the National Health Index Number (NHIN), date of birth, ethnicity, and home address. For some patients, there are additional entries like their smoking status or information about any chronic conditions they may suffer from. A few thousands of the entries concern children patients, holding vaccination data, etc. Obviously, since the entries go back to 2002, some of the people who are affected are already dead now.
Furthering the uncertainty, Tū Ora can’t say anything about the attacker and who could be behind the hack. They only discovered it after their website was defaced, and took the server down for a closer investigation. As they clarify, they know little about what really happened because they kept no auditing logs before 2016. All that said, and as you can’t opt-out of the GP data collection right now due to system limitations, the only thing that you can do is to change your passwords everywhere and keep your software up to date.
Remember, you are now vulnerable to scams, phishing, impersonation, and other kinds of cyber-attacks, so stay alert. If you want to know more about whether you are among the affected, called Tū Ora’s support line on 0800 499 500, or +64 69276930 if you reside overseas. Right now, the Government Communications Security Bureau is actively involved in the case, so more details about what happened will surface soon. If you can’t wait until then and feel very distressed, there’s a special line for you on “1737”, set up for individual psychological support.