Cyber Attack Compromised Data of 1 Million NZ Patients


A cyber attack on primary health organization (PHO) Tu Ora Compass Health led to the disclosure of data belonging to 1 million patients, Radio New Zealand reported. The breach came to light in August, when security checks were conducted following an incident that compromised the organization's website.



Tu Ora, a data solutions service provider for health organizations, handles patient data dating back as far as 2002. The firm covers patients from the Manawatu, Wairarapa and greater Wellington regions. This brings the number of affected individuals up to nearly a million.

Several bodies conducted investigations in light of the attack. These include the National Cyber Security Centre, the Ministry of Health, the police and other agencies.

More than once

According to their findings, the August hack was part of a “global cyber incident.” The agencies also learned that the “sophisticated” hack was carried out more than once, the New Zealand Herald reported. In fact, the PHO has been suffering from attacks periodically over a span of three years.


Tu Ora chief executive Martin Hefford said that the incident resulted from illegal activity that is “the work of cybercriminals.” Nevertheless, the PHO is “devastated” by its failure to keep patient information safe. Hefford also acknowledged that “it [is their] responsibility to keep people’s data safe and [they have] failed to do that.”

There is no information as to whether the criminals accessed patient information. Tu Ora noted that there is a slim chance of verifying this.

The PHO clarified that it does not handle general practice notes and that these documents are stored in their respective medical centres. However, the organization promised that it is doing everything in its power to avoid another incident.

‘Wake-up call’

Bryan Betty from the College of General Practitioners remarked that such a large-scale hack should serve as a “wake-up call” for the health industry. Similarly, Health Minister David Clark said that the possible compromising of patients’ private data is “unacceptable.”

Clark added that people “have every right to expect their health data is secure.” To this end, he assured the public that steps are being taken to ensure this. The government will also give immediate priority to patients who may fall victim as a result of this incident.

Tu Ora also provides clinical services including mental health care and podiatry. Aside from Tu Ora, there are 29 other PHOs in charge of gathering and analyzing general practice notes.