Data of up to 450k patients released online after cyberattack hits New Zealand medical network

Updated on: 10 October 2022

Anna Zhadan
Contributor

Medical records — Patient record. Image from Shutterstock

Sensitive patient data of a large New Zealand medical network has been posted online following a cyberattack on the company’s IT platform.

The attack originally took place on September 28, when Pinnacle Midlands Health Network’s practices were hit across New Zealand. The official statement suggested that the company’s IT systems were taken offline, although certain information could’ve been accessed.

"At this point in time, we cannot confirm what specific data or information may have been accessed, but we are working through a process to better understand that," the company’s chief executive Justin Butcher said.

Personal information stored by the network includes names, addresses, and other personal details. However, the group does not hold GP notes and consultation records.

Now, it’s evident that hackers managed to obtain data of up to 450,000 people, as it’s been posted to the dark web, according to Butcher.

"Over the past 24 hours, we were notified by our security experts that the data taken from our IT platform had been released by malicious actors," he said.

The obtained data related to hospital services – including immunization and screening statuses – received by past and present patients of the Pinnacle Midlands Health Network’s practices in the Waikato, Lakes, Taranaki, and Tairawhiti districts.

The group is currently in contact with the Police and Office of the Privacy Commissioner, and the affected practices continue providing services as normal.