Nearly a million New Zealanders face the risk that their medical data has been accessed illegally after a cyber-attack on the website of Tū Ora Compass Health, the company said on Saturday.
The website was hacked in August but investigations also uncovered previous attacks dating from 2016 to March 2019, the health firm, which collects and analyses patient information from medical centres, said in a statement.
“While this was illegal and the work of cyber criminals, it was our responsibility to keep people’s data safe and we’ve failed to do that,” Martin Hefford, Chief Executive Officer of Tū Ora, said in the statement.
Both Tū Ora and New Zealand’s Ministry of Health said they have not been able to determine whether the cyber-attacks resulted in any information being accessed.
Tū Ora said it holds health data on people from the greater Wellington, Wairarapa and Manawatu regions dating back to 2002.
The health ministry said in a statement that the data does not include notes made on consultations patients have had with general practitioners, but includes other information.
The information includes enrolment information at medical centres, patients’ National Health Index Number, name, date of birth, ethnicity and address, the ministry said.
In some cases, Tū Ora also holds additional clinical information used for health promotion, such as smoking status, and for managing chronic conditions such as diabetes.