Te Whatu Ora loses access to 14,000 patient files amid cyber attacks

Te Whatu Ora loses access to 14,000 paitent files amid cyber attack. Photo / 123RF

A cyber attack has blocked access to approximately 14,000 files relating to cardiac, inherited disease and bereavement care, Te Whatu Ora has confirmed this afternoon.

Te Whatu Ora wrote in a statement the attack did not target the organisation directly but instead targeted an IT provider they work with.

This comes just hours after the Ministry of Justice confirmed it lost access to 14,500 coronial files and about 4000 post-mortem examination reports, as well as three other business organisations that had there had systems knocked offline due to a cyberattack.

The Herald understands these are all related to the same attack on IT provider Mercury IT (which has no connections to the Australian IT provider of the same name), who confirmed in a statement earlier today that it was hit by a cyberattack.

Of the Te Whatu Ora files blocked, approximately 8500 records are related to Bereavement care services data from Middlemore Hospital in Auckland, dating back to 2015.

Approximately 5500 records related to cardiac and inherited disease registry data of patients in Auckland, Wellington, Tauranga, Waikato, and Nelson dating back to 2011 have also been affected.

Te Whatu Ora said there is currently no evidence at this stage that they have been subject to unauthorised access or download. However, clinical teams and staff working in some areas cannot access certain types of data at present.

Te Whatu Ora claims that this has had “no disruption to health service delivery and that all Te Whatu Ora health services are continuing to run normally”.

In addition, the IT service provider’s incident has also affected six health regulatory authorities who have their services hosted by the IT service provider concerned.

These include the Optometrists and Dispensing Opticians Board of New Zealand, the Chiropractic Board, the Podiatrists Board, the New Zealand Psychologists Board, the Dietitians Board and the Physiotherapy Board of New Zealand.

Te Whatu Ora said they had been in contact with each of these organisations to offer support and will continue to work closely with them.

“We want to reassure the public that we are working swiftly with other Government agencies and cyber security experts to determine the full nature, extent and potential impact of this incident,” Te Whatu Ora wrote in a statement.

They encouraged anyone who was concerned about their information being affected to please contact Te Whatu Ora on 0800 638 924.

Earlier today, it was revealed three business organisations have had systems knocked offline due to the attack on Mecury IT, while another three have reported cyber incidents.

BusinessNZ’s website was offline Monday afternoon with an “under maintenance” message, while the Wellington Chamber of Commerce and its stablemate Business Central also had systems affected.

The New Zealand Nurses Organisation (NZNO), which represents more than 55,000 nurses and health workers, said in a website statement that it had also been affected by a cyber-attack on its IT provider, who was not named.

The Ministry of Justice was also affected by the attack, losing access to 14,500 coronial files and about 4000 post-mortem examination reports. In a statement, they also claimed there was no evidence at this stage that the data had been taken, but did not rule out the possibility.

Late on Friday, health insurer Accuro also said its customer data could have been exposed in a cyber attack.