Te Whatu Ora Health New Zealand is currently investigating a cyber incident involving its IT service provider which impacted access to thousands of data relating to bereavement and cardiac services across its network.

On Tuesday, the organisation said access to some information held by its IT service provider was blocked following a cyber attack. 

This includes approximately 8,500 bereavement care services records from Middlemore Hospital dating back to 2015 and 5,500 records from the cardiac inherited disease registry dating back to 2011 and accessed by clinicians in Auckland, Wellington, Tauranga, Waikato, and Nelson.

The incident, however, did not cause any disruption to Te Whatu Ora health services as its systems were not directly targeted. Moreover, there is no evidence so far that the inaccessible data has been subject to unauthorised access or download.

"We understand that this situation may be distressing for people. We want to reassure the public that we are working swiftly with other government agencies and cybersecurity experts to determine the full nature, extent, and potential impact of this incident. As further facts are established, we will work to communicate these as swiftly as possible," Te Whatu Ora said in a statement. 

"These investigations are at a very early stage and will take some time to complete," it further noted.

Additionally, the incident has affected six other health regulatory authorities whose services are also hosted by the same IT service provider. These are the Optometrists and Dispensing Opticians Board of New Zealand, the Chiropractic Board, the Podiatrists Board, the New Zealand Psychologists Board, the Dietitians Board and the Physiotherapy Board of New Zealand. 

Te Whatu Ora has already reached out to each organisation to offer support.

THE LARGER TREND

Also on Tuesday, Te Whatu Ora released an independent analysis report into last year's cyberattack on the former Waikato District Health Board. Prepared by local cybersecurity specialist InPhySec Security, the report suggested among other things the upgrade of the health system's Coordinated Incident Management System, systematic logging and monitoring of its data estate, and the conduct of cyberattack simulations. 

Aside from Te Whatu Ora and Waikato DHB, the Pinnacle Midlands Health Network also recently reported an IT breach. In late September, hackers were able to access from its third-party IT server six years' worth of health information and some of Pinnacle’s corporate information. The compromised data was confirmed to have been leaked on the dark web in October. Pinnacle is still trying to identify whose information got exposed in the leak.