Private medical data of one million people potentially breached after hacking of Tū Ora Compass Health's website

Private data for around one million people has potentially been breached after it was revealed today that the website Tū Ora Compass Health was hacked in August.


The website, which collects and analyses data from medical centres, was "attacked as part of a global cyber incident" on August 5, the health organisation said in a statement.

People from the greater Wellington, Wairarapa and Manawatu regions dating as far back as 2002 could be potentially affected, they said.

"While this was an illegal attack by cyber criminals, it was our responsibility to keep your data safe and I am very sorry we have failed to do that," Tū Ora said. "We are now focused on doing everything we can to support people and making sure it can’t happen again."

An investigation also uncovered previous attacks dating from 2016 to early March 2019.

"As soon as we became aware, our server was taken offline, we strengthened our IT security and started an in-depth investigation," they said.

"We don't know the motive behind the attacks. We have laid a formal complaint with Police and they are investigating."

"We cannot say for certain whether or not the cyber attacks resulted in any patient information being accessed. Experts say it is likely we will never know. However, we have to assume the worst and that is why we are informing people."

Tū Ora does not hold GP notes, which are held by individual medical centres, meaning notes during consultations with your GP are not at risk of being illegally accessed, they said. Data from patient portals are also unaffected.

Anyone seking more information on the attack can contact 0800 499 500 or +64 6 9276930 for people calling from overseas.

"While we have no evidence that patient data was accessed, we encourage you to be vigilant to unusual online requests."