The Minister of Health must act swiftly to reassure New Zealanders that their health records are secure in the wake of a potentially significant cybersecurity breach at one of the country’s largest Public Health Organisations, National’s Health spokesperson Michael Woodhouse says.
“This cyber security breach may have seen information about the mental health, sexual health and other private enrolment information of several thousand past and present patients of practices with Tū Ora Compass PHO accessed and in criminal hands. This is an extremely serious and concerning breach.
“The response by the Government must be swift and decisive, not only to reassure patients of Tū Ora Compass, but of every single New Zealand organisation holding sensitive health records. The Health Minister also needs to ensure patients are aware of what identity data was accessed so that they can protect themselves against the potential for identity theft.
“Tū Ora Compass’s 2018 Annual Report summarises the number of enrolled patients receiving services such as sexual health, sexual assault and mental health services. That information is drawn from data that may have been the subject of the security breach. Every effort must be made to establish what sensitive data has been accessed or stolen.
“The Minister must also urgently investigate whether the breach was a Trojan Horse attempt to access other sensitive Government agency platforms where more sensitive information resides.
“This is not the first time there has been a significant data breach under this Government. Just last month there was a breach at the Ministry of Culture and Heritage, where information on children had been accessed. Earlier in the year staff at NZTA were at risk of personal identity theft after a USB drive containing staff identity cards was lost.
“New Zealanders need to have confidence in the agencies holding their personal data. This latest breach is extremely concerning, and many will be rightly worried about where their sensitive information is, and who has it.
“This breach is more wide-reaching than Tū Ora Compass PHO. Other providers could have been breached or at risk of a similar incursion, and the Minister must act swiftly and decisively to ensure that high standards of data protection are in place across the whole health sector.”