- Data stolen in a cyberattack on medical practices has been uploaded online
- Patients from Waikato, Lakes, Taranaki and Tairāwhiti have been affected
- Pinnacle Health does not hold general practice notes or consultation records
Patient information extracted from the Pinnacle Health network during a cyberattack was allegedly uploaded to the dark web on the Internet.
The initial incident on September 28 compromised details kept by Waikato and Bay of Plenty healthcare provider Pinnacle, which operates dozens of medical practices.
The information and data relate to past and present patients and clients of Pinnacle Group in the districts of Waikato, Lakes, Taranaki and Tairāwhiti.
It also includes Primary Health Care Ltd practices in Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato.
MARK TAYLOR / TIPS
Patient information held by PHO Pinnacle was allegedly compromised in a cyberattack (video first posted on Tuesday).
* Pinnacle attack cybercrime reminder here to stay
* Administrative account likely used in cyberattack on healthcare provider Pinnacle, expert says
* A system error affects GPs across the country
An investigation is trying to determine how much data was taken, Pinnacle chief executive Justin Butcher said.
“Over the weekend, we were informed by our security experts that data extracted from our computing platform had been released by malicious actors.”
“We recognize that this will be of concern to our patients and their whānau, and we take this seriously. Our immediate goal is to support those who may have been affected and to work with the authorities to ensure we are doing everything we need to be.
Butcher said he understood the data was on the dark web.
“I am in no way an expert on the dark web. I am a paramedic by trade. So we understand that it was uploaded to the dark web, which is a subset of the internet, which is not easily accessible for the average person and requires specialized software.
He said Pinnacle did not hold GP notes or consultation records, but the organization now had a better understanding of the stolen data.
It includes high-level data related to the use of hospital services, inquiries related to services provided by Pinnacle, and information sent to practices regarding the vaccination and screening status of individual patients.
“It is extremely unfortunate, and we are gutted as it impacts our whānau as well. who may have been affected.
Butcher could not confirm whether Pinnacle received a ransom note.
“Based on the advice of our security experts, we do not answer this question.”
They are in contact with the police and the Office of the Privacy Commissioner.
Calls are expected to increase to their toll-free helpline, which has been set up by Pinnacle through IDCare.
“We don’t yet have a number of patients who have called the IDCare number… We had it set up last week and the number of calls was not high, but it is a further development and may cause further anxiety for our patients.
Patients can call the helpline on 0800 121 068 and use the code PBN22, for those wanting more information.
All the practices concerned are still providing services and people can continue to receive treatment as normal.
Pinnacle intended to provide further public notices over the next few days.
IDCare New Zealand’s chief operating officer, Mark Rowley, said cyberattacks are on the rise at the moment. With not only Pinnacle Group among the latest victims, there was also a breach by Australian company Optus a week prior.
IDCare is a charitable company that offers an identity and cybercare service in New Zealand and Australia.
Rowley said what many bad actors/hackers would do is put the urgency on a scam, so they would try to get someone to take action immediately.
“So if someone gets an email or a phone call, take a breath and ask if it’s appropriate for the bank to ask for those kinds of details. These bad actors will get you to act immediately, they’re trying to catch you off guard.”
If you are unsure, call the entity back on a phone number you know.
It also doesn’t hurt to report the potential for a scam, people can get in touch with IDCare or Netsafe.
Rowley said the level of concern depends on what data is accessed or compromised, whether it’s their individual names, birthdates and addresses or whether it’s an identity date like driver’s license or passport.
They lead to potentially different results, so if name, date of birth, address data has been compromised, it could cause the attacker to seek out more information, so they can make it usable or salable .
In this case, Rowley said if it also involved an email account, you would want to change the passwords.
Whereas if identity document data has been lost, the potential for financial fraud comes into play.
“The first thing would be to contact one of the credit bureaus and probably freeze your credit file.
“This means that if there has been a finance request in progress, they will contact the credit bureau to try to access your file and that file will be blocked, so the finance request will not proceed.”
He said the dark web is really an encrypted area of the internet, which requires specialized equipment and skills to access.
“There are forums on the dark web that can be accessed and data can be exchanged. Or it could be a ransomware attack where the bad actor/hacker decides he wants to try and blackmail the organization he got the information from.