Cyber Incident Victim: Carterton Medical Centre

Date: Aug 2019

Location: New Zealand

Summary

A cyber attack targeting a New Zealand healthcare organization disrupted access to its website and four affiliated medical centers, forcing their systems offline. The attacker, using the alias "VandaTheGod," initially claimed responsibility as a form of protest but later denied intentionally targeting medical facilities, asserting their focus was government and educational institutions. The actor expressed confusion upon learning the impacted servers belonged to healthcare entities, suggesting possible unintended collateral damage. The incident highlighted risks to critical healthcare infrastructure, with the attacker's communications indicating inconsistent awareness of the actual targets affected by their actions.

Description

A global cyber security attack impacted Tu Ora Compass Health and affiliated medical centers in New Zealand's Wairarapa region around August 16, 2019. The compromise of a Tu Ora Compass Health server forced the organization to take down its primary website along with the websites of four medical practices: Kuripuni Medical Centre, Greytown Medical Centre, Featherston Medical Centre, and Carterton Medical Centre. This disruption rendered all affected websites inaccessible to the public, directly impairing online services for these healthcare providers. The incident attracted media attention within 24 hours, with initial reports confirming the coordinated takedown of digital assets but lacking technical specifics about the attack vector or data compromise. No patient data breaches or clinical system intrusions were explicitly confirmed in available reports. The attack's global nature suggested possible connection to broader threat actor campaigns rather than isolated targeting of healthcare entities.

The hacker using the alias "VandaTheGod" claimed responsibility for related cyber activities when confronted via Twitter direct message on August 17, 2019. VandaTheGod initially characterized the attack as protest-related "spam" messaging but denied intentionally targeting medical facilities after reviewing news reports. The threat actor asserted their operations focused on government (.gov) and education (.edu) domains, expressing surprise when informed that medical centers might operate under .edu extensions through academic affiliations. This exchange revealed potential collateral damage from indiscriminate targeting of domain categories, though VandaTheGod provided no evidence supporting claims about restricting attacks to specific sectors. The incident highlighted risks to healthcare infrastructure even from actors purportedly avoiding medical targets, particularly when automated tools or broad-scope attacks affect interconnected systems. Public condemnation emerged regarding cyber attacks against medical providers given their critical role in community health services.
