Over 20 million attempts to hack into health database

The hacker tried to gain access to DrInfo, which has the medical records of several million patients. Photo / Thinkstock

Police are investigating after attempts were allegedly made to hack a nationwide patient database.

In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9.

He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country.

''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.

DrInfo co-founder and chief executive Sam Jacobs said, when contacted in Auckland, DrInfo did not hold medical information but was used as a prompt for patient health checks, or recalls for overdue checks, such as for cancer screening, cardiovascular issues or immunisations.

DrInfo was used by 60% of the country's medical centres, in 600 practices, covering ''several million patients'', Mr Jacobs estimated.

Police had handed the investigation to its national cyber crime unit, but Mr Jacobs was unaware how long the investigation might take.

He ''had heard some speculation'' about the possibility of Southern involvement in the hacking, but ''at the moment, we just don't know''.

Dr Abbott said when contacted he, too, was aware of the concerns of some in the Southern medical fraternity but he ''couldn't speculate further'' on a Southern connection.

''The good news out of this is that no [patient] information was actually hacked,'' Dr Abbott said.

One Dunedin health practitioner, who did not want to be identified, claimed a group in the South had attempted to hack the database, not necessarily to access individual records, but possibly to cause issues for DrInfo.

Dr Abbott said the attack was unusual, in that it was ''sustained, of significant size and appeared to be originating from within New Zealand''.

''Nevertheless, we encourage you to ensure that your passwords are advanced and not simple to guess,'' Dr Abbott said in his warning letter to health professionals.