ABOUT Tū Ora …

Compass Health Wellington Trust (formerly named the Greater Wellington Health Trust) was formed in 1997 to contract with District Health Boards and other funders to provide health services, and was managed by the Wellington Independent Practitioner’s Association (WIPA, formed in 1995). Compass Health in its present state was formed in July 2010 by the merger of three existing PHOs: Capital PHO, Tumai Mo Te Iwi, and Kapiti PHO. Wairarapa PHO was then merged into Compass Health in 2012.

How “DATA BREACH” took place…

On October 5, the PHO said its website was defaced during a cyber incident that occurred in August. The public compromise of the website led to an investigation into Compass Health’s overall IT systems and security posture, leading to the discovery of cyberattacks dating back from 2016 to March 2019. While, the areas primarily affected by the attacks include Wairarapa, Wellington, and Manawatu regions. In all, the count of affectees may rise to 1 million. It is also assumed that administrative rights may have been compromised during the cybersecurity incident, but Chief executive Martin Hefford stated that this was not known whether hackers obtained such rights to the PHO servers.Experts ruled out any risks that hackers may interfere with medical center systems and access other networks

What information is leaked in the breach…

The data breach may include information like names, birth dates, address, ethnicity, National Health Index number, and the medical center they enrolled with. Furthermore, it may also include some other medical and health information. However, the organization assured that the individuals’ GP notes remained safe.

Further steps taken by Tū Ora…

Upon noticing multiple cyber attacks happened in the past, Tū Ora launched investigations regarding them. They also reported the matter to relevant authorities, including the National Cyber Security Centre, Ministry of Health, and the Police. After the recent discoveries and history of cyberattacks in the industry, the company reacts and says that their websites will be moving to the Microsoft Azure platform that uses Microsoft 365 suite’s Advanced Threat Protection.

Current situation

This situation should be under control since Privacy Commissioner John Edwards confirmed his office was notified shortly after the data breach discovery. Patients should be aware since there is no guarantee that information was not exfiltrated by a third-party.

CREDITS : Abeerah Hashim

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *