Fear patient data may have been stolen from Auckland DHBs | Stuff.co.nz
Fear patient data may have been stolen from Auckland DHBs
Tom Pullar-Strecker
15:29, Jul 23 2021
26
Counties Manukau reported possible data breach to the Office of the Privacy Commissioner on Wednesday.
CLAIRE EASTHAM-FARRELLY/RNZ
Counties Manukau reported possible data breach to the Office of the Privacy Commissioner on Wednesday.
A data breach may have occurred at the organisation that provides health IT services to more than a third of the country, amid growing indications of a serious cyber-security incident.
A spokeswoman for the Office of the Privacy Commissioner said it was notified by Counties Manukau DHB of a possible data breach on Wednesday.
The notification was made by the DHB on behalf of HealthAlliance, which also provides the IT services used by Auckland, Waitemata and Northland district health boards.
A spokesman for HealthAlliance said earlier that it had “identified indications of unusual activity on its technology systems”.
READ MORE:
* NZ stands with partners to censure China on cyberattacks
* Russia-based ransomware gang offline but cause not clear
* 'Shut down everything:' Global ransomware attack takes a small US town offline
* Cyber attack: Government not considering making payment of cyber attack ransom an offence - minister
An investigation was underway to understand and address the cause of the unusual activity, the spokesman said.
ADVERTISEMENT
Advertise with Stuff
A spokesman for the Ministry of Health said it was “providing support to the investigation”.
MORE FROM
TOM PULLAR-STRECKER • SENIOR BUSINESS JOURNALIST
[email protected]
Comment has been sought from HealthAlliance on whether patient information may have been compromised.
Brett Callow, a cybersecurity expert at Nelson company Emsisoft, said “indications of unusual activity” could indicate that HealthAlliance was either experiencing a ransomware attack or had noticed indicators of compromise consistent with the early stages of a ransomware attack.
It is common for ransomware attackers to secretly steal information from victims that they can later use for blackmail, prior to showing their hand by encrypting victims’ files.
HealthAlliance’s spokesman indicated there was nothing to link the activity to the ransomware attack on Waikato DHB in May and said all northern region DHB IT systems were functioning normally.
It is common for ransomware attacks to steal data in the early stages of their attacks.
MIKA BAUMEISTER/UNSPLASH
It is common for ransomware attacks to steal data in the early stages of their attacks.
HealthAlliance acknowledged the incident after Stuff was tipped off that DHBs had been briefed about what a clinician understood to be a “significant cyber event”.
“HealthAlliance are running the incident, they’ve told their customers (DHBs) they are dealing with a serious hack,” the clinician said.
“Management have told us something is going on, but are very light on details,” they said.
The Government and Ministry of Health were involved, they said.
The four DHBs supported by HealthAlliance together serve about 1.9 million New Zealanders.
ADVERTISEMENT
Advertise with Stuff
The clinician said health workers were concerned about the safety of patient data, given the ransomware attack that unfolded at Waikato DHB in May.
“I’m worried about possible impacts on patient care.”
There were lots of rumours that the incident could be similar to what happened in Waikato, they said.
A HealthAlliance spokeswoman said she was not aware of a cyber-security incident when first contacted by Stuff on Friday morning.
Auckland DHB and Waitemata spokespeople also appeared to have no knowledge of the matter.
But a HealthAlliance spokesman later confirmed the unusual activity after consultations with other staff.
Tom Pullar-Strecker
15:29, Jul 23 2021
26
Counties Manukau reported possible data breach to the Office of the Privacy Commissioner on Wednesday.
CLAIRE EASTHAM-FARRELLY/RNZ
Counties Manukau reported possible data breach to the Office of the Privacy Commissioner on Wednesday.
A data breach may have occurred at the organisation that provides health IT services to more than a third of the country, amid growing indications of a serious cyber-security incident.
A spokeswoman for the Office of the Privacy Commissioner said it was notified by Counties Manukau DHB of a possible data breach on Wednesday.
The notification was made by the DHB on behalf of HealthAlliance, which also provides the IT services used by Auckland, Waitemata and Northland district health boards.
A spokesman for HealthAlliance said earlier that it had “identified indications of unusual activity on its technology systems”.
READ MORE:
* NZ stands with partners to censure China on cyberattacks
* Russia-based ransomware gang offline but cause not clear
* 'Shut down everything:' Global ransomware attack takes a small US town offline
* Cyber attack: Government not considering making payment of cyber attack ransom an offence - minister
An investigation was underway to understand and address the cause of the unusual activity, the spokesman said.
ADVERTISEMENT
Advertise with Stuff
A spokesman for the Ministry of Health said it was “providing support to the investigation”.
MORE FROM
TOM PULLAR-STRECKER • SENIOR BUSINESS JOURNALIST
[email protected]
Comment has been sought from HealthAlliance on whether patient information may have been compromised.
Brett Callow, a cybersecurity expert at Nelson company Emsisoft, said “indications of unusual activity” could indicate that HealthAlliance was either experiencing a ransomware attack or had noticed indicators of compromise consistent with the early stages of a ransomware attack.
It is common for ransomware attackers to secretly steal information from victims that they can later use for blackmail, prior to showing their hand by encrypting victims’ files.
HealthAlliance’s spokesman indicated there was nothing to link the activity to the ransomware attack on Waikato DHB in May and said all northern region DHB IT systems were functioning normally.
It is common for ransomware attacks to steal data in the early stages of their attacks.
MIKA BAUMEISTER/UNSPLASH
It is common for ransomware attacks to steal data in the early stages of their attacks.
HealthAlliance acknowledged the incident after Stuff was tipped off that DHBs had been briefed about what a clinician understood to be a “significant cyber event”.
“HealthAlliance are running the incident, they’ve told their customers (DHBs) they are dealing with a serious hack,” the clinician said.
“Management have told us something is going on, but are very light on details,” they said.
The Government and Ministry of Health were involved, they said.
The four DHBs supported by HealthAlliance together serve about 1.9 million New Zealanders.
ADVERTISEMENT
Advertise with Stuff
The clinician said health workers were concerned about the safety of patient data, given the ransomware attack that unfolded at Waikato DHB in May.
“I’m worried about possible impacts on patient care.”
There were lots of rumours that the incident could be similar to what happened in Waikato, they said.
A HealthAlliance spokeswoman said she was not aware of a cyber-security incident when first contacted by Stuff on Friday morning.
Auckland DHB and Waitemata spokespeople also appeared to have no knowledge of the matter.
But a HealthAlliance spokesman later confirmed the unusual activity after consultations with other staff.
