Cybercriminals have stolen the personal information of 1-million New Zealanders after Tū Ora Compass Health that provides data services to 4 other healthcare companies, was hacked. Tū Ora suffered four cyberattacks dating back to 2016 according to the Government Communications Security Bureau’s (GCSB) National Cyber Security Centre (NCSC).
Hackers are rational and opportunistic. When they attack digital assets, they target financial and demographic information they can resell or use for identity theft or financial fraud. In this case, there seems to be demographic information hackers can exploit, such as birthdate, ethnicity, addresses, and a unique identifier called the National Health Index number, among others—all data that can be linked to a large number of individual patients served by several healthcare organizations. Targeting the digital supply chain is not uncommon, especially where one supplier serves multiple organizations. Healthcare providers and their supply chain partners must bolster security measures around websites and mobile apps, which are increasingly being used by patients to do research and enter sensitive information. Their security mishaps often result from negligence and errors, such as failure to address publicly known web server vulnerabilities.