18 Mar 2021

Lumino dental firm email hack: Patient information accessed

4:31 pm on 18 March 2021

A dental company with 120 practices nationwide is confident a data breach at a Wellington surgery was an isolated incident.

(File photo).

Wellington Oral Surgery says it has advised patients about the hack and done a full review of its cybersecurity systems. Photo: 123rf

Wellington Oral Surgery, which is owned by Lumino, discovered on Monday a staff member's email account had been hacked and patients' personal information had been accessed.

The company sent out a notice to patients about the hack on Tuesday.

"It's incredibly disappointing and frustrating and it's also a concern for our patients," Lumino's New Zealand general manager Phillip Worsley said.

"We don't like this sort of thing happening and as a result we're doing a very thorough investigation because it's not on and we will address this to make sure it can't happen again."

Worsley said the company had notified the Privacy Commissioner, CertNZ and its third party cybersecurity provider.

As a result of the hack, some patients had been receiving suspicious emails.

"A lot of the advice is clearly to follow the normal cybersecurity guidelines around not clicking on links and emails that are suspicious, ignoring any unexpected invoices from Wellington Oral Surgery."

Worsley said following the breach it had done a full review of all its cybersecurity systems.

In a statement, CertNZ's incident response manager Nadia Yousef said people who have been on the receiving end of a phishing scam should report it to CertNZ immediately.

Phishing scams often mimic organisations to trick people into sharing their personal information and financial data and resulted in total losses of $7 million last year.

Get the RNZ app

for ad-free news and current affairs