Comments On Sensitive Medical Data On 1 Million People Stolen In New Zealand Tū Ora Breach

Tū Ora Compass Health from New Zealand, a primary health organization (PHO) has disclosed a security breach that led to the exposure of medical and personally identifiable information (PII) of roughly 1 million people. The NGO notified the National Cyber Security Centre, Ministry of Health, Police, and other law enforcement agencies of the incident after its discovery on August 5 following the Tū Ora website’s defacement.

Commenting on the news are the following cybersecurity professionals:

Elad Shapira, Head of Research,  Panorays
October 09, 2019
Attackers can use this information for identity theft, insurance fraud, financial gain, or even blackmail.
This latest breach in New Zealand illustrates how third-party healthcare cybersecurity remains a pressing problem throughout the world. Tu Ora Compass Health was connected to 60 different general practice teams and other health providers, amounting to a breach of up to one million New Zealand patients' data. Health providers hold some of our most sensitive and confidential data: personal and demog ....
[Read More >>]
Robert Capps, VP ,  NuData Security
October 09, 2019
The loss of medical and PII data is a worry for all organizations, not just the targeted company.
Once data has been stolen, it’s used in a number of ways, including account takeover and identity fraud. More recently, we’ve seen a change in the value of stolen data as more and more intuitions are implementing user authentication solutions that render stolen data valueless. The loss of medical and PII data is a worry for all organizations, not just the targeted company. The data loss has th ....
[Read More >>]
Jonathan Deveaux, Head of Enterprise Data Protection,  comforte AG
October 09, 2019
Organizations should research which techniques best fit their environment.
According to the data breach statement, 17 years’ worth of personal data was potentially accessed not once, but four times before detected. Unfortunately, there did not seem to be protections placed on the data itself, which means the personal data was left in clear text form. It’s a good thing that no payment info, tax numbers, passport numbers, nor driver’s license numbers were on the se ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article