Cyber attack: Coronial & health files targeted

Files from around the country, including the Bay of Plenty, have been targeted. Photo: File.

A cyber attack targeting thousands of coronial and health files has forced a "thorough investigation" by digital security experts.

The Ministry of Justice and Te Whatu Ora say access to data held by external IT provider Mercury IT has been blocked and multiple agencies were assessing the extent of the problem.

Access to 14,500 coronial files and about 4000 post mortem reports from around the country have been affected.

The coronial files relate to the transportation of people who have died during the period of November 2018 to November 2022.

The ministry says post-mortem data related to files from the Northland, Waikato, Bay of Plenty, Taranaki, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago and Southland regions from March 2020 to November 2022.

About 8500 records for bereavement care services at Auckland's Middlemore Hospital and about 5500 files on the Cardiac and Inherited Disease Registry have also been impacted.

Te Whatu Ora says the registry is accessed by clinicians in Auckland, Wellington, Tauranga, Waikato, and Nelson.

The Privacy Commissioner's office says it was notified of the attack on November 30.

"Urgent work is underway to understand the number of organisations affected, the nature of the information involved and the extent to which any information has been copied out of the system," says a spokeswoman.

"The Office of the Privacy Commissioner is planning on opening a compliance investigation into this incident so that it can make full use of its information gathering powers."

It says cyber security breaches are "unfortunately becoming a regular occurrence".

"It is important that people who receive or find information related to this, or any other cyber attack, do the right thing.

"Do not spread it ... do not share it ... report it to the police."

Both the Ministry of Justice and Te Whatu Ora say there is no evidence of any unauthorised access or downloading of the files.

But the ministry's chief operating officer Carl Crafar can't rule out this possibility.

"We acknowledge that this incident has affected information that is sensitive.

"We will continue working to understand the extent of the incident.

"We are conscious that so-called malicious actors behind such activity can monitor public commentary on incidents of this nature so will not be providing more detailed information on our responses at this time."

Six regulatory health authorities have also been hit, comprising of include the Optometrists and Dispensing Opticians Board of New Zealand, the Chiropractic Board, the Podiatrists Board, the New Zealand Psychologists Board, the Dieticians Board, and the Physiotherapy Board of New Zealand.

"We understand that this situation may be distressing for people," says a Te Whatu Ora spokeswoman.

"We want to reassure the public that we are working swiftly with other government agencies and cyber security experts to determine the full nature, extent and potential impact of this incident."

A newly-released report into last year's cyber attack of the Waikato District Health Board says Te Whatu Ora needs to "think like a hacker" when building its security softwares.

The ransomware attack last May brought the DHB's hospitals and services to a halt for days, as it tried to restore its IT systems.

-RNZ.

0 comments

Leave a Comment


You must be logged in to make a comment.