Cyber Incident Victim: Te Whatu Ora Health New Zealand
Date:
Nov 2022
Location:
New Zealand
Summary
A cyber incident impacting a third-party IT provider used by Te Whatu Ora Health New Zealand resulted in blocked access to approximately 14,000 records across bereavement care services and cardiac inherited disease registries, with no evidence of unauthorized data access or download. The breach also affected six health regulatory authorities hosted by the same provider, though health service delivery remained uninterrupted. Investigations involving government agencies and cybersecurity experts are ongoing to determine the full scope and impact, while affected individuals are offered support through dedicated helplines and specialist services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber security incident impacting an IT service provider used by Te Whatu Ora Health New Zealand was disclosed on November 30, 2022, disrupting access to specific health data repositories. The attack did not directly target Te Whatu Ora’s systems but compromised the third-party provider’s infrastructure, blocking access to approximately 14,000 records across two primary datasets. Clinical teams lost access to Middlemore Hospital’s bereavement care service records containing approximately 8,500 entries dating back to 2015, alongside the Cardiac Inherited Disease Registry’s 5,500 records dating to 2011, which supported clinicians across Auckland, Wellington, Tauranga, Waikato, and Nelson. Six health regulatory authorities hosted by the same IT provider—including the Optometrists and Dispensing Opticians Board, Chiropractic Board, Podiatrists Board, Psychologists Board, Dietitians Board, and Physiotherapy Board—also experienced service disruptions. Te Whatu Ora confirmed no evidence of unauthorized data access or exfiltration at this preliminary stage and emphasized no operational disruptions to frontline health services. Initial investigations involved collaboration between Te Whatu Ora’s cyber security team, government agencies, and the compromised IT provider to assess the breach’s scope and origin.
Te Whatu Ora activated a public support protocol, establishing a dedicated helpline (0800 638 924) operating weekdays from 8:30 AM to 5:00 PM for concerned individuals and directing affected parties to IDCARE, a specialist cyber incident support service. The organization maintained ongoing communication with the six impacted regulatory boards to coordinate assistance while continuing forensic analysis to determine the attack’s full extent. Public statements reiterated that clinical operations remained unaffected despite the data accessibility issues and advised vigilance regarding personal information security. Updates were promised as investigations progressed, with a focus on verifying data integrity and containment measures. The incident marked the third major third-party cyber breach affecting New Zealand’s health sector within a week, following separate attacks on insurers MAS and Accuro through their external service providers earlier in December.