Cyberattack on New Zealand Tu Ora leaks 1 million data of patients


A sophisticated cyberattack that took place on New Zealand based Primary Health Organization Tu Ora Compass Health is reported to have leaked data of over 1 million patients. Highly placed sources say that the attack was caused due to an exploit that exposed data of District Health Boards and Primary Health Organizations (PHO).

Those impacted include Think Hauora, Ora Toa PHO, and Cosime PHO as per the press statement released by the Ministry of Health, New Zealand.

Cybersecurity Insiders learned that the information of over 913,360 patients was exactly hacked and accessed in the incident and authorities have fixed the vulnerability to avoid all future troubles.

“It was a data leak which took place from a known vulnerability”, said Martin Hefford, the Chief Executive of Tu Ora. He added that the healthcare services provider will take all necessary measures to keep the information safe in the future.

A digital apology from Hefford will reach all the contact IDs of the impacted patients and GP network by the end of next week.

Meanwhile, an investigation conducted by the authorities has disclosed that personal information like date of births of patients, names, ethnicity, national health number, cervical screening data, X-ray and ultrasound data, chronic conditions such as diabetes, BP info from lab results and other such enrollment info were reportedly accessed by hackers. However, no GP notes were exposed to hackers as they were secured on another server.

Attack Details- The official website of Tu Ora was defaced in August 2019 due to an exploit of a vulnerability in July’19. As the server went offline for almost 3 weeks the website remained inaccessible across the world.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display