6 Dec 2022

Investigation underway into cyber attack which hit thousands of coronial and health files

9:35 pm on 6 December 2022
Hacker, cyber attack, (File photo)

Photo: 123RF

A cyber attack affecting thousands of coronial and health files has forced a "thorough investigation" by digital security experts.

The Ministry of Justice and Te Whatu Ora said access to data held by external IT provider Mercury IT has been blocked and multiple agencies were assessing the extent of the problem.

Access to 14,500 coronial files and about 4000 post mortem reports from around the country have been affected.

The coronial files relate to the transportation of people who have died during the period of November 2018 to November 2022.

The ministry said post-mortem data related to files from the Northland, Waikato, Bay of Plenty, Taranaki, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago and Southland regions from March

2020 to November 2022.

About 8500 records for bereavement care services at Auckland's Middlemore Hospital and about 5500 files on the Cardiac and Inherited Disease Registry have also been impacted.

Te Whatu Ora said the registry was accessed by clinicians in Auckland, Wellington, Tauranga, Waikato, and Nelson.

The Privacy Commissioner's office said it was notified of the attack on November 30.

"Urgent work is underway to understand the number of organisations affected, the nature of the information involved and the extent to which any information has been copied out of the system," a spokeswoman said.

"The Office of the Privacy Commissioner is planning on opening a compliance investigation into this incident so that it can make full use of its information gathering powers."

It added cyber security breaches were "unfortunately becoming a regular occurrence".

"It is important that people who receive or find information related to this, or any other cyber attack, do the right thing.

"Do not spread it ... do not share it ... report it to the police."

Both the Ministry of Justice and Te Whatu Ora said there was no evidence of any unauthorised access or downloading of the files.

But the ministry's chief operating officer Carl Crafar could not rule out this possibility.

"We acknowledge that this incident has affected information that is sensitive," he said.

"We will continue working to understand the extent of the incident.

"We are conscious that so-called malicious actors behind such activity can monitor public commentary on incidents of this nature so will not be providing more detailed information on our responses at this time."

Six regulatory health authorities have also been hit, comprising of include the Optometrists and Dispensing Opticians Board of New Zealand, the Chiropractic Board, the Podiatrists Board, the New Zealand Psychologists Board, the Dieticians Board, and the Physiotherapy Board of New Zealand.

"We understand that this situation may be distressing for people," a Te Whatu Ora spokeswoman said.

"We want to reassure the public that we are working swiftly with other government agencies and cyber security experts to determine the full nature, extent and potential impact of this incident."

A newly-released report into last year's cyber attack of the Waikato District Health Board said Te Whatu Ora needs to "think like a hacker" when building its security softwares.

The ransomware attack last May brought the DHB's hospitals and services to a halt for days, as it tried to restore its IT systems.

Get the RNZ app

for ad-free news and current affairs