One Million New Zealanders Had Their Medical Data Exposed

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

According to an announcement by the Tū Ora Compass Health organization, approximately one million New Zealanders have had their sensitive medical data accessed by an unauthorized party quite a while back. The Wellington-based health organization has revealed that anyone who enrolled in one of their medical centers between 2002 and 2019 could have been affected by the data breach. The extent of the incident is so large that the organization has trouble ascertaining specific key aspects around it. For example, the Manawatū PHO THINK Hauora may or may not have been affected, and the one million citizens is a rough estimate right now that may be far from the actual truth.

Similarly, while the servers of Tū Ora have definitely been accessed, whether or not the actors touched any patient data remains unknown. The information that could have been downloaded from these servers includes full names, the National Health Index Number (NHIN), date of birth, ethnicity, and home address. For some patients, there are additional entries like their smoking status or information about any chronic conditions they may suffer from. A few thousands of the entries concern children patients, holding vaccination data, etc. Obviously, since the entries go back to 2002, some of the people who are affected are already dead now.

Furthering the uncertainty, Tū Ora can’t say anything about the attacker and who could be behind the hack. They only discovered it after their website was defaced, and took the server down for a closer investigation. As they clarify, they know little about what really happened because they kept no auditing logs before 2016. All that said, and as you can’t opt-out of the GP data collection right now due to system limitations, the only thing that you can do is to change your passwords everywhere and keep your software up to date.

Remember, you are now vulnerable to scams, phishing, impersonation, and other kinds of cyber-attacks, so stay alert. If you want to know more about whether you are among the affected, called Tū Ora’s support line on 0800 499 500, or +64 69276930 if you reside overseas. Right now, the Government Communications Security Bureau is actively involved in the case, so more details about what happened will surface soon. If you can’t wait until then and feel very distressed, there’s a special line for you on “1737”, set up for individual psychological support.

Are you among the affected, and did you receive any scam messages lately? Let us know of the details in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: