Cyber Incident Victim: Tu Ora Compass Health
Date:
Aug 2019
Location:
New Zealand
Summary
A cyber attack targeting Tu Ora Compass Health disrupted services by forcing its website and four affiliated medical centers' sites offline. The attacker, identified as "VandaTheGod," initially claimed the incident was a protest action but later denied intentionally targeting medical entities, suggesting possible confusion between government or educational systems and healthcare infrastructure. The disruption prevented public access to the affected medical practice websites, though no explicit data compromise or patient harm was detailed in available reports. The attacker's contradictory statements highlighted uncertainties around motive and target selection.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 6 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 17, 2019, a cyber attack targeting Tu Ora Compass Health disrupted healthcare services in New Zealand’s Wairarapa region. The incident affected Tu Ora Compass Health’s primary server, forcing the organization to take its website offline as a containment measure. Four affiliated medical centers—Kuripuni Medical Centre, Greytown Medical Centre, Featherston Medical Centre, and Carterton Medical Centre—experienced collateral damage, with their websites becoming inaccessible to patients and staff. The attack was characterized as part of a broader global cybersecurity incident, though specific technical details about the attack vector or malware used were not disclosed in available reporting. No patient data breaches or clinical system compromises were explicitly confirmed, but the takedown of critical online platforms created operational disruptions for the affected medical practices during the outage period.
The attacker, using the alias “VandaTheGod,” claimed responsibility for related cyber activities in communications with DataBreaches.net via Twitter direct messages. When confronted about targeting medical facilities, VandaTheGod initially framed the actions as protest-related, stating “Protest, my brother. Its spam my mensage” [sic], but later denied intentionally attacking healthcare entities, asserting “My atack gov edu” [sic] and expressing uncertainty upon reviewing reports of the medical center disruptions. The attacker speculated that medical sites might have been compromised due to potential .edu domain affiliations with academic institutions, replying “Hm” when presented with this hypothesis but offering no further clarification or acknowledgment. DataBreaches.net contextualized the incident within broader ethical concerns regarding hacktivism, criticizing attacks on medical infrastructure as endangering public welfare despite perpetrator claims of social or political motives. The prolonged website outages demonstrated tangible impacts on healthcare providers’ digital operations, though restoration timelines and technical remediation steps were not detailed in public disclosures.