Serviceteam IT Security News

A health organization in New Zealand that was targeted in a global cyber-incident in August has uncovered evidence of earlier attacks dating back three years.

Tū Ora Compass Health took its server offline and strengthened its IT security following a cyber-attack on its website in August. On Saturday, the primary health organization (PHO) announced that an investigation by authorities, including the police, Ministry of Health, and the National Cyber Security Centre, has found evidence of multiple earlier attacks dating from 2016 to early 2019.

Martin Hefford, chief executive officer of Tū Ora Compass Health, said: “As stewards of people’s information, data security is of utmost importance to Tū Ora Compass Health. We are devastated that we weren’t able to keep people’s information safe. 

“While this was illegal and the work of cybercriminals, it was our responsibility to keep people’s data safe, and we’ve failed to do that.”

Tū Ora holds information dating back to 2002 on approximately 1 million individuals from the greater Wellington, Wairarapa, and Manawatu regions. Tū Ora does not hold GP notes, which are held by individual medical centers.

The organization is one of 30 PHOs that collect data from medical centers, then analyze it to ensure patients are screened for diseases like cancer and receive treatment for chronic conditions, including diabetes.

“We don’t know the motive behind the attacks, and we cannot say for certain whether or not these have resulted in any patient information being accessed, but we have laid a formal complaint with police,” said Hefford. “Experts say it is likely we will never know. However, we have to assume the worst, and that is why we are informing people.”

New Zealand’s director-general of health, Dr. Ashley Bloomfield, said: “We have been working with the Government Communications and Security Bureau’s National Cyber Security Centre to investigate this intrusion and check if other PHOs and DHBs might be at risk.

“This work is ongoing, and we expect to have an initial assessment in the next two weeks. We are also commissioning further independent reviews of the security of PHO and DHB information systems.”

Elad Shapira, head of research at Panorays, commented that the best way for hackers to reach sensitive and confidential information is often through third parties, who can access data but lack the adequate security to guard it. 

He said: “For this reason, assessing and continuously monitoring healthcare organizations’ third-party security is critical.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!