A primary health organization (PHO), one of the NGOs that provide vital primary health services in New Zealand, has just uncovered a huge vulnerability that could potentially expose the medical data of about 1 million people.
The PHO is Tū Ora Compass Health. Its website was defaced on 5 August, and the New Zealand authorities were informed of a cyberattack, reports Bleeping Computer.
The organization took its server offline as soon as it discovered that security had been compromised and initiated an investigation while increasing IT security.
This investigation revealed earlier cyber attacks dating back to 2016 and to March 2019.
Tū Ora's statement says that the background of the attacks is unknown and that it is not certain whether patient data has been compromised, although there is no evidence that such data has been accessed.
The organization said, "We cannot say for sure whether cyber attacks have resulted in accessing patient information or not. Experts say it's likely we'll never know. However, we have to accept the worst and therefore inform the people."
Of course, that does not sound too comforting.
Tū Ora has data on people in the Wellington, Wairarapa and Manawatu regions. The records date back to 2002. Anyone enrolled at a medical center after this time could potentially be affected by the breach.
The population in these areas totals 648,000 people, although the data actually affects 1 million people when those who have moved away or are deceased are included.
However, the organization makes it clear that there are no family doctors' notes in the data, so details from consultations with doctors are not compromised (Tū Ora also did not include any of the data in patient portals).
Tū Ora's information includes the patient's name, date of birth, ethnicity, national health index number, address, and the medical center at which they are enrolled.
In addition, there is various information provided by medical centers, for example records of which children are about to be vaccinated and whether people over the age of 65 have received flu shots.
To improve security, the company has moved to a new platform, improved its antivirus and email scanning software, and set up a security operations center for real-time threat monitoring.
Tū Ora noted, "We are also moving towards a more modern, secure infrastructure with Microsoft Azure. Tū Ora's new Microsoft Azure environment will be fully secured and take a comprehensive approach to protecting all of our electronic assets."
Paul Edon, senior director, technical sales and service for security company Tripwire, commented, "By consolidating hundreds of thousands of patient records in a single database, the risk of compromising patient data in the event of a breach increases. To ensure patient care and safety, healthcare organizations must ensure that their environment is properly protected against unauthorized changes and misconfigurations that can make their environment susceptible to cyber-attacks.
"With cyber attacks on healthcare organizations increasing, it's no longer enough just to stick to security policies. When preserving this type of data, it is important to choose an encryption solution that not only protects the database instances, but also provides protection for data that is transmitted and in hibernation."